Online Program

How to look behind the curtain of emerging health IT technologies for security concerns

Tuesday, November 5, 2013 : 10:30 a.m. - 10:50 a.m.

Sean Owen, CISSP CAP CRISC, Client Cybersecurity Center, Abt Associates, Bethesda, MD
Teresa Doksum, PhD, MPH, Institutional Review Board, Abt Associates Inc., Cambridge, MA

Emerging technologies (e.g., mobile devices, cloud computing) have created tremendous opportunities for public health practitioners and researchers to improve the health of underserved populations globally. Researchers and practitioners are increasingly being encouraged to use and share data. At the same time, changes to regulations such as HIPAA (announced January 2013) have increased security requirements. Limited resources have made it challenging for institutions to implement 1) sufficient staff training to ensure working knowledge of security best practices, and 2) technologies that protect health information per the regulations and reduce the likelihood of breaches. Using HIPAA as a framework, this session will include: 1) practical everyday requirements for keeping data secure in transmission and storage (e.g., encryption) and avoiding breaches, and 2) US and international examples of uses and risks of using cloud technologies and mobile devices to collect, store and transfer research data. Mobile devices present risks similar to laptops, but lack the mature industry security solutions to protect them, especially in institutions that allow staff to “bring your own device.” Use of mobile devices for data collection and work email has limitations in protecting research data as it travels and when it is stored on the device. The session discussion will include how to identify and balance typical risks, such as weak encryption and “one size fits all,” against the regulatory requirements and practical advantages, such as global data access and cost savings.

Learning Areas:

Public health or related laws, regulations, standards, or guidelines

Learning Objectives:
Identify provisions of HIPAA regulations (including 2013 updates) that are relevant to their research and use of emerging technologies.
Develop basic data security procedures based on best practices to protect health data and mitigate likelihood of breaches.
List potential security risks of emerging technologies for public health research/practice and strategies to mitigate risks.

Keyword(s): Risk Assessment, Health Insurance

Presenting author's disclosure statement:

Qualified on the content I am responsible for because: I am an institutional review board member, where I review research protocols, advise on the security solutions for protocols, and vote on adequacy of protections for data. I have focused on protocols that involved CDC, CMS, AHRQ, HRSA, and USAID data. In addition, I have worked on DfID protocols. I am also an ex-KPMG security auditor that provided security support for Federal civilian agencies. I have also presented at PRIM&R.
Any relevant financial relationships? No

I agree to comply with the American Public Health Association Conflict of Interest and Commercial Support Guidelines, and to disclose to the participants any off-label or experimental uses of a commercial product or service discussed in my presentation.

Back to: 4114.0: Gaming and HIT Security