Privacy in Healthcare:
A Healthy Outlook on a Critical Topic
Amalia Steiu CIPP/IT
Enterprise Risk Advisor
Informatica Research
AGENDA
1. EHR Projects and Challenges
2. Attacks on privacy in healthcare
3. A balanced approach: patient care or AND patient privacy?
4. Q&A
1. EHR Projects and Challenges
• Over 400 vendors of EMR/EHR solutions
• Up to 80% of implementations FAIL
• The benefits (administrative and billing)
• The challenges: broken processes are now electronic, clinical work slows down, sometimes paper is more flexible
• HITECH Act (27 bil), Canada Information Highway (2.13 bil so far), Australia PCEHR (466 million so far) etc
Why EHR Projects Fail?
► Stakeholder resistance *
► Failure to update operational processes *
► Worthless Risk Management (poor Risk Identification and Management) *
► Wrong vendor for the implementation
► Lack of skilled resources (including Project Management)
► Unbudgeted expenses
2. Attacks on Privacy in Healthcare
• The most breached industry in 2011
• (US) 170 breaches out of 480 – privacyrights.org
• (UK) 806 separate incidents involving patient medical records being compromised between July 2008 and July 2011
• (US) 10,243,125 Records from 483 Breaches made public between 2010 – 2012
• Data Breach calculator
A successful implementation looks like ...
• Develop a risk management program for the healthcare organization
• Leverage other industries to assist in security program development
• Security & Privacy as business enhancement vs. an expense and roadblock
• Understand that nothing will ever be fully secure. Integrated GRC approach: ability to detect, respond, and minimize
• Your Privacy & Security controls are as weak as the weakest link (legacy systems and lagging technology)
3. A Balanced approach : Patient Care OR AND Patient Privacy
• Patient Care : ‘smart’ healthcare (next slide)
• Patient Privacy must be engineered into new EHR systems and re-engineered back into legacy systems
• A methodology that is repeatable : allows for prioritization of projects, targeting the appropriate areas in healthcare that need strengthening of privacy controls : GRC program, strong Project Management, PbRD principles.
?? QUESTIONS ??
“Re-engineering Privacy in Healthcare research paper” (Informatica Research)
Resources:
• Study: Up to 80 percent of EHR projects fail – Milbank Quarterly Review, Vol.87 Issue 4
• Why National EHealth Programs need Dead Philosophers
• 5 reasons why EHR Projects fail
• Why Most EMR Implementations Fail
• Best Practices in EMR Implementations
• Healthcare, most breached industry in 2011
• Privacy Rights Clearinghouse
• Inside the Cost of a Breach – Larry Ponemon
• The broader meaning of IT in Healthcare
• Embedding Privacy into the Design of EHRs to Enable Multiple Functionalities – Win/Win
• Privacy by ReDesign – a Practical Framework for Implementation
• Canada: How Privacy Considerations Drive Patient Decisions and Impact Patient Care Outcomes