Eric Johnson Talks with Charles Lebo: Healthcare Data Security

THaW contributor Eric Johnson’s conversations from the CISO conference continued with Charles Lebo, VP and CISO of Kindred Healthcare. The two discussed some of the emerging challenges of healthcare security. The topics ranged from the scope of large healthcare datasets to the emergence of ransomware and maintaining data security.

Eric Johnson talks with Paul Connelly: Healthcare Analytics and Information Security

THaW contributor Eric Johnson recently sat down with Paul Connelly, VP and CISO of Hospital Corporation of America, to discuss advancements in healthcare analytics and information security. Over the course of the discussion the two touch on the sheer volume of data created by HCA and on how analytics can give that data value by contributing to informed decision making, while at the same time protecting patient security.

Five trends in healthcare IT – and their implications for security

In the previous post we described the current landscape for healthcare information technology. In this post, we note how healthcare information systems increasingly face daunting security challenges due to five economic and technological trends. First, the locus of care is shifting, as the healthcare system seeks more efficient and less-expensive ways to care for patients, particularly outpatients with chronic conditions. Second, strong economic incentives are pushing health providers to innovate by rewarding providers for keeping their patient population healthy, rather than paying only to fix patients when they are ill. Third, the treatment of chronic conditions and the implementation of prevention plans entail more continuous patient monitoring, outside of the clinical setting. Fourth, mobile consumer devices (smartphones and tablets) are quickly being adopted for health & wellness applications, both by caregivers and patients, in addition to their many other uses – making it difficult to protect sensitive health-related data and functions from the risks posed by a general-purpose Internet device. Finally, significant emerging threats are targeting healthcare information systems, while new regulations strive to protect medical integrity and patient privacy. Let’s look at each of these five trends in more detail.

The healthcare IT landscape

The United States spends over $2.6 trillion annually on healthcare. This amount represents approximately 18% of the gross domestic product (GDP), a percentage that has doubled in the last 30 years and is the highest of any country in the world [11]. Over 75% of these costs are due to the management of chronic diseases, which currently affect 45% of the U.S. population. By 2023, it is expected that costs to manage chronic diseases alone will rise to $4.2 trillion [3]. Many look to information technology to help reduce costs, increase efficiency, broaden access to healthcare, and improve the health of the population.

Meanwhile, recent years have seen a dramatic shift in the nature of computing with the advent of smartphones and tablet computers; the latest surveys estimate that over 50% of Americans have smartphones [10]. This widespread availability of a powerful mobile computing platform, with a rich interface and a variety of built-in sensors, has created a boom in mobile health (mHealth) applications like RunKeeper and Fooducate [9]; mHealth application downloads increased from 124 million in 2011 to 247 million in 2012 [8]. These mHealth apps and devices are becoming more prevalent due in part to the rising cost of healthcare and their suitability for managing chronic diseases, particularly in the aging population [5, 6], and in prevention and wellness programs [1].

Smartphones and tablets are rapidly moving into the clinical workplace as well. A recent estimate indicates that as many as 62% of doctors use mobile tablets [4]. Although some hospitals embrace smartphones and tablets by distributing them to their staff [7], a 2012 survey found that 85% of hospitals allow their clinicians to bring their own device to work [2].

Furthermore, universal connectivity (cellular, wireless, and home broadband) has enabled a tremendous variety of services to move to the “cloud.” Services like Dropbox and Google Drive make it easy for individuals to store, manipulate, and share content on cloud servers located in distant data centers. Services like Amazon S3 and Google App Engine make it easy for developers to build scalable computational backends without installing or managing their own infrastructure. These trends are leading more individuals and enterprises to move an increasing fraction of their computing onto Internet-connected servers run by other organizations – raising important questions about security and privacy.

Finally, recent years have seen rapid developments in smart, miniaturized, low-power, adaptive and self-calibrating instrumentation, enabling the emergence of mobile devices for monitoring and managing individual health conditions; examples range from wearable devices that measure physical activity (such as the BodyMedia armband) to Wi-Fi enabled bathroom scales (such as those from Withings or Fitbit) to stick-on ECG patches to monitor heart conditions (such as those from Corventis) to implanted insulin pumps (such as one from Medtronic). Most are wireless, able to upload data to a smartphone or to a cloud server for analysis and access by both the individual and caregivers.

The dynamic healthcare ecosystem and rapid technology evolution lead to new challenges in securing tomorrow’s healthcare information infrastructure. More on that in the next post!

Our mission

Welcome to the Trustworthy Health and Wellness (THaW) project. Our mission is to enable the promise of health and wellness technology by innovating mobile- and cloud-computing systems that respect the privacy of individuals and the trustworthiness of medical information.

With this mission in mind, our team is launching a comprehensive, multi-disciplinary research agenda to address many of the fundamental technical problems that arise in securing healthcare infrastructure that, given recent trends, will increasingly be delivered using mobile devices and cloud-based services. The pervasive reach and (often) health-critical nature of these new technologies demand scientific solutions that provide trustworthy cybersystems for health and wellness. Our five-year research agenda is driven by the needs of the changing health & wellness ecosystem and addresses fundamental scientific problems that arise in other domains in transition to an infrastructure built on mobile devices and cloud services, such as transportation, m-commerce and education.

Specifically, our research agenda will contribute to authenticating mobile users in a continuous and unobtrusive way, segmenting access to medical records from mobile devices to limit information exposure, allowing individuals a usable way to control the information collected about them, handling genomic data in the cloud while enabling patient control over information, managing security on remote health devices while reducing the burden on the user, verifying medical directives issued to remote devices, detecting malware through power analysis, providing provenance information to those who use health data, and auditing behavior of this complex ecosystem of devices and systems.

Our research will have long-term impact by enabling the creation of health & wellness systems that can be trusted by individual citizens to protect their privacy and can be trusted by health professionals to ensure data integrity and security. Our healthcare partners will help us evaluate and demonstrate the value of our security solutions. We will also impact the next generation of scientists by creating new course modules; sponsoring summer programs for underrepresented minorities and women to broaden undergraduate and K-12 participation in computing; and creating an exchange program for our postdocs and research students to rotate among sites to broaden perspectives and receive mentoring on trustworthy computing.