[BreachExchange] The Path To Better Management Of Healthcare Data

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 17 18:01:14 EDT 2018


Blockchain, cloud computing and other technologies are moving further into
the world of healthcare data, promising to change everything from patient
management to medical payments. Now a U.S.-based organization hopes to get
ahead of that curve by offering a new accreditation program designed to
boost data security and access in the healthcare industry.

The Electronic Healthcare Network Accreditation Commission (EHNAC) said on
Tuesday (May 15) that its new Trusted Exchange Accreditation Program (TEAP)
“will leverage existing industry-wide identity verification, authentication
and privacy/security frameworks and best practices in use across the
ecosystem,” according to a press release. TEAP will “align with many
national efforts” to improve data exchange and enable interoperability
across different health information networks.”

That might sound more than a bit bureaucratic, but the mission has a grand
scope. EHNAC intends to bring together people from across the healthcare
industry to figure out how to best speed up its information machinery.
Increasing the efficiency of access to that data — and securing it from
misuse — can lead to better care and lower costs for healthcare providers
and consumers, according to analysts and other experts.

“We need to leverage what’s working today in regard to frameworks,
standards and best practices, and work collaboratively to create a program”
that aligns with “enabling technologies” such as blockchain, said Lee
Barrett, executive director of EHNAC.

The voluntary, self-governing group includes members involved in healthcare
payments, financial services, management, information exchange and other
tasks that support direct patient care. EHNAC said it will soon assemble a
10-to-15 person steering committee to guide the new accreditation program.

The launch of TEAP comes amid a time of more focus on the security and
interoperability of healthcare data. For instance, a U.S. law enacted in
late 2016 — the 21st Century Cures Act — calls on federal agencies,
including the National Institute of Standards and Technology (NIST), to
help promote more efficient data sharing among healthcare industry players.

Additionally, the Trusted Exchange Framework and Common Agreement, from the
U.S. Department of Health and Human Services, is designed to “enable
providers, hospitals and other healthcare stakeholders to join any health
information network and then to automatically connect and participate in
nationwide health information exchange,” according to Dan Golder of Impact
Advisors, a healthcare consulting firm, in a blog post from earlier this

All that serves as the motivation behind TEAP, Barrett said. “The industry
is looking for additional guidance and assistance as the digital highway
for exchange of information continues to grow exponentially,” he said
Tuesday. “Cyber threats and HIPPA breaches continue at a very high rate,
and the need to assure stakeholder trust of data is crucial.”

Management of data always touches upon issues of payment. That rule holds
especially true in the healthcare world, where an estimated 10 percent of
the $3.4 trillion in healthcare payments is wasted via inefficient
processing, according to InstaMed. TEAP will not be able to ignore payments
— though efforts there might leave some in the industry feeling impatient
or frustrated, at least initially.

Barrett said a stronger focus via TEAP on data privacy, security and access
could eventually result in quicker payment processing, a problem that often
comes across as the whale no captain can ever catch. “Unfortunately, the
issues of payments and how they are processed will not be corrected and
addressed as quickly as we would all like,” he said.

But even in the short term, TEAP participants likely will enjoy benefits as
the program works toward reducing confusion about data collection standards
and “assuring continued alignment with the federal (data) roadmap,” Barrett
said — all of which would help boost “patient confidence” in the healthcare
system, he added.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180517/707d82fe/attachment.html>

More information about the BreachExchange mailing list