The Importance of Having Cyber-Security for Innovations in Healthcare

Human Services and the Department of Health are currently looking at ways to motivate investment and innovation within the healthcare sector.  However, according to several organizations involved with industry, those who submitted feedback said that among the important issues that need addressing is cyber-security.

Over the weekend, writer Marianne Kolbasuk McGee from the gov info security website posted an article that explained why cyber-security in vital when applying innovation to the healthcare industry.  Last month, the Health and Human Services (HHS) issued a request for data seeking public comment “on a planned initiative of the Office of the Deputy Secretary of HHS to develop a work-group to facilitate constructive, high-level dialogue between HHS leadership and those focused on innovating and investing in the healthcare industry.” 


Within the HHS request for information, the department was searching for comment on how to structure a work-group, or other form of interaction between the department and such participants in the healthcare industry, in order to best support communication and understanding between these parties that will spur investment, increase competition, accelerate innovation, and allow capital investment in the healthcare sector to have a more significant impact on the health and well-being of Americans.

Threats to Cyber-Security

While there is nothing wrong with the healthcare sector looking for ways to spur investments and innovations, it is equally important to recognize that cyber-security issues need to be on their radar, which some organizations mentioned in their feedback.  The College of Healthcare Information Management Executives (CHIME), which is an association of CIOs and CISOs, referred to how vital issues with cyber-security need to be included in standards during any conversations between HHS and new work-group industry that is related with creating technology in healthcare investments and innovations.

CHIME wrote that one of the biggest challenges that the work-group will face is identifying an effective way to incentivize or otherwise promote ongoing, responsible innovation.  We recommend that this new work-group: 1) Offer the HHS secretary its recommendations for a set of standards – based on … [several] factors … that innovators should consider in developing technology to help treat patients and help caregivers; and 2) HHS use the recommendations to develop a voluntary framework for use by innovators.


CHIME appears to be adamant on cyber-security being part of any standards that are recommended which innovators must embrace involving healthcare.  CHIME stated that the cyber-security threats in healthcare are mounting, increasing costs to the industry and creating patient safety concerns.  Cyber-crime in healthcare settings is now a lucrative industry for bad actors. The growing nature of our interconnected healthcare world is also raising the stakes for the likelihood of negative patient outcomes attributed to a cyber event. Innovations in technology must consider these growing threats.

The Need for Protecting Patient IDs

There are other factors that are important to recognize such as protecting records of patients.  CHIME feels that standards that healthcare innovators embrace should consider a prioritization of ethical considerations, involve patients and clinicians at the beginning of design and roll-out phases while supporting a uniform way to accurately and uniquely recognize patients as well as connecting them with their medical records.

CHIME points out that current lacking standards in relation to recognizing patients is a barrier to maximizing the benefits of existing and emerging technologies.  Consistently identifying patients across health systems and different electronic health record platforms is a significant challenge. As patients seek care at different providers and seek the most cost-effective treatment, this situation will only grow more complicated. 


Besides CHIME, there are several organizations that are healthcare information technology-related that have been calling for the industry for years to make improvements on patient ID record matching efforts that would bolster patient safety and privacy.  Considering how frequently the news has reported an increase in cyber-attacks on individuals, businesses and government officials; it will be only a matter of time before patients’ electronic health records will become susceptible to being hacked unless proper cyber-security measures are put into place by the healthcare industry.