IDENTITY, INTEROPERABILITY, PATIENT ACCESS, and the 21st CENTURY CURES ACT: A Health-ISAC Guide for CISOs
IDENTITY AND INTEROPERABILITY
An identity-centric approach to enabling secure and easy access to patient data
The modernization of health care over the past decade has been pushed along by the digitization of health information and records into Electronic Health Record (“EHR”) systems and Electronic Health Information (“EHI”). While this digitization has been transformational, the full value of digital health care cannot be unleashed without making these records interoperable and easily shareable – enabling patients to have greater access to their own health information and where it flows. In the United States, for example, new federal regulations tied to the implementation of the 21st Century Cures Act now require firms across the health market to enable interoperability of health data through the creation of new APIs designed to facilitate information sharing.
These new interoperability mandates pose significant challenges, not the least of which is ensuring that new systems deployed to enable information sharing do not create new security concerns. Digital identity is front and center in these new interoperability architectures, given the importance of ensuring that only the right people can access sensitive EHI.
This paper – the fourth installment in Health-ISAC’s ongoing series focused on helping CISOs implement an identity-centric approach to cybersecurity – will help CISOs understand how an identity-centric approach to securing and enabling access to EHI will allow health organizations to minimize risks involved in complying with the 21st Century Cures Act. While this paper focuses on the new U.S. regulations, the concepts addressed in it apply to any health organization looking to enable broader access to and exchange of EHI. Health-ISAC may look to address a more comprehensive global view of laws, rules and regulations in a future paper.
While APIs are the “door” to enabling interoperability of EHI between health organizations, strong identity solutions are the “key” that keeps EHI secure.
Looking beyond compliance and security, healthcare organizations have an opportunity as they deploy more robust identity solutions to modernize the way they deliver healthcare, enabling new innovation that can improve patient experiences. One way of accomplishing this may be through issuing a high assurance digital credential to patients, or partnering with an organization that does.
Additional government requirements for high assurance identity vetting and authentication in health care may be coming; prudent planning now can help future-proof your organization to address new requirements down the road.