Examining health IT security in wake of Snowden controversy

As a relatively new part of the healthcare landscape, health information technology systems have been scrutinized by government, industry and computer experts for their efficiency, affordability and – perhaps most importantly – security. Devices such as electronic health records allow for easy transfer of patient files, billing information, medical histories, insurance information and other confidential data that needs to be protected by healthcare providers. Because of this, health IT developers and federal officials are working to root out possible security weaknesses in EHR systems to provide doctors and their patients with the highest level of privacy.

One recent news story that has attracted international attention has also raised eyebrows of those working on health IT security. Ex-National Security Agency contractor Edward Snowden has been on the run from U.S. officials for leaking classified intelligence to the public – particularly surrounding NSA domestic surveillance operations – and this controversy could have ramifications for health IT in the U.S., according to Healthcare IT News. Though Snowden is not directly linked to the healthcare industry, his story reveals the potential data security breaches that could impact Americans' digital health records.

Snowden exposes security holes
Snowden has been cast as both a threat to national security and a champion against government overreach, but his exposure of the NSA's domestic surveillance program has called into question other possible instances of the federal government bending the rules about private digital information.

While information leaks within the healthcare industry are rarely at the national security level, privacy remains an important concern for health IT officials, doctors and patients. David Kotz, a professor of computer science at Dartmouth College, noted that healthcare data breaches are especially troubling for the emerging mobile health IT industry and consumers. 

"The mHealth industry is booming, releasing new apps and gadgets every day. Most are sold directly to consumers in support of 'wellness' rather than medical care. Many of these apps and devices have little or no security," Kotz told the news source. "Furthermore, most upload personal information, health-related and otherwise, to the vendors' cloud server, where it can be analyzed and presented to the customer via a web portal. That's great, but one wonders what else are these vendors doing with that personal information. Consumers are encouraged to explore the privacy policies of these services carefully."

FDA calls for great health IT security
With cybersecurity becoming a more pressing issue every day, the government is taking steps to urge organizations to beef up their privacy measures in order to keep pace with the changing state of technology. The Washington Post reported the the U.S. Food and Drug Administration recently called on healthcare providers and medical device developers to increase the strength of their safeguards against unwarranted access from computer hackers and malicious viruses, especially with the number of reported data breaches on the rise.

"There's almost no medical device that doesn't have a network jack on the back," John Halamka, chief information officer at Beth Israel Deaconess Medical Center in Boston, told the news source. "To fight the evils of the Internet, not only do you have to have a moat, you have to have a drawbridge, burning oil to pour on attackers, and guys with arrows."

Luckily, there have been no major instances of hackers attacking healthcare computer systems to date. However, the FDA is in the process of creating a new set of digital security guidelines to ensure that new medical devices are able to keep healthcare records safe and confidential.