Protecting Patients and Providers in a High-Tech World
| PANELIST SLIDES | |
Chris Davenport, a global security consultant for IBM Global Business Solutions’ health care division, warned participants at the panel session “Security and Innovation in Health Information Technology” at the University of Miami Global Business Forum, Jan.12–14, 2011, that though innovations continue to hit the market, they often bring with them unintentionally negative consequences.
 |
|
Panelists (L-R) Sara Rushinek, Professor,
|
Cloud computing systems, for example, give doctors easy access to patient information wherever they are, but even the most secure systems have the potential to be hacked or accessed by a disgruntled employee who decides to post confidential information on the Internet, Davenport said. And while he predicted that Facebook might replace e-mail within three years, he cautioned that the social media site is designed to share and leak information, not to protect it.
The health care industry has no choice but to adapt to a high-tech world that is increasingly concerned about privacy. In 2009, Congress enacted the Health Information Technology for Economic and Clinical Health Act (HITECH), which mandates higher penalties against institutions and professionals that inadvertently lose confidential information. Mark Blatt, a physician who now serves as Intel’s director of health care industry solutions, said the fine is $100 to $50,000 for every breach, up to $1.5 million annually.
“If that doctor in Texas is hit with $1.5 million in fines, he will go out of business,” Blatt said. Penalties grow even larger if a breach affects more than 500 people. Then, the doctor or institution must disclose the incident to the media within 60 days or risk criminal charges. The legislation empowers state attorneys general to seek civil penalties as well.
Blatt warned that hacking isn’t the only way to steal medical information. “Two million laptops are reported as stolen, and 97 percent are never found,” he said. “Twelve thousand laptops per week are lost or go missing at airports.”
To avoid HITECH Act sanctions, Blatt said health care professionals need to encrypt patient records or install anti-theft technology on their work and personal computers. He described a program called LoJack for Laptops that renders a laptop inoperable if it can’t find a particular network within 24 hours. If a laptop owner knows a computer has been stolen, he can call a security office, which then activates a code to wipe out unencrypted info, take pictures of the thief and activate a GPS signal. Blatt said this system has had a 75 percent recovery rate.
Gary Bahadur, CEO of KRAA Security, recommended that companies create social media policies that will educate health care professionals about the risks of disclosing sensitive information on sites like Facebook or its professional networking cousin, LinkedIn.
But some experts feel that the benefits of social networking sites — especially connecting the fragmented health care industry — outweigh their risks. Albert Santalo, president and CEO of CareCloud, says the Facebook-like company he co-founded in 2009 offers a secure, inexpensive, fast tool that is custom-made for the industry. Even at the height of the recession, venture capitalists and computer executives were enthusiastic enough about the startup’s potential to invest $3 million in capital. By the time the company went public in March 2010, CareCloud had raised an additional $5 million. Six months later, it won an award at IBM’s SmartCamp competition for startup companies.
Of course, technology innovation isn’t always on the wrong side of risk. Bill Taylor, president of Panasonic System Networks Co., discussed a new facial recognition technology that helps identify established security risks as soon as the security camera detects the individual’s image. A “special attention flag” also can be employed to identify “good” people such as favorite customers, he said.
His company has also developed a high-definition visual communications system that outfits operating rooms and disaster areas with three-dimensional videoconferencing and 360-degree sound capabilities.
Bal Harbour, Fla.-based plastic surgeon Michael Salzhauer said such technology will enable doctors to supervise operations from miles away. “An older doctor whose hands might not be as steady can supervise from the hallway,” he said. “Or watch from a golf course.”
Salzhauer should know: He co-developed iSurgeon, a popular iPhone app that lets users perform plastic surgery on their own photos and then share before and after photos of themselves, their friends and their pets on Facebook or Twitter — which, in turn, advertises Salzhaeur’s practice.
