Security Insights and Takeaways

While a good bit of time at HIMSS is spent connecting with current and potential clients, there is also a plethora of topics and trends garnering buzz.

Here are some takeaways from HIMSS 2018.

Consumer Experience

As we heard at the CHIME (College of Healthcare Information Management Executives) CIO Forum, consumer experience took up a lot of the conversational real estate at HIMSS.

The advent of high deductible health plans may have started the drive to consumerism in healthcare, but now there are wearables, retail clinics, telemedicine and other innovations to add to the mix.

Consumers have more choice in how they access care, and they expect the same level of engaged patient experience that they have become accustomed to in other areas of their lives.

A top priority for healthcare organizations should be making sure their initiatives, technologies and resources are being directed at creating a more engaging and better experience for the patient-as-consumer.

Protecting IoT and Connected Medical Devices

Most of the walk-up guests to our booth (thanks for visiting!) had very specific questions about how to adequately protect IoT and connected medical devices, especially with limited resources.

According to Gartner, these devices are expected to proliferate from 6.4 billion in 2016 to an estimated 20.8 billion by 2020, and are revolutionizing the process and practice of patient care.

Medical devices have unique security challenges, such as the difficulty of identifying assets, lack of a sophisticated security posture from the device vendor, and the sheer volume of vulnerability management per device.

Before devices began their exponential growth, best practice was to have engineers segment networks to limit the surface area potentially exposed to an attack.

Network segmentation is still best practice but, given the rapid proliferation of devices, it is becoming difficult for segmentation efforts to keep up.

The promising news is that machine learning technology is now available to build device profiles in real time, without human intervention.

These solutions go on to monitor the behavior of the devices and trigger alerts based on abnormalities. When combined with the right process and supported by the right resources, this approach provides increased visibility and protection for connected medical devices and IoT.

The security governance and accountability for these devices is equally important. Manufacturers can provide support, regulatory requirements can propel a healthcare organization to have some security measures in place, but organizations must develop clarity around who is ultimately responsible for device security.

Clinical Engineering and HIT Come Together

Another medical device takeaway is the increasing collaboration between clinical engineering and HIT departments.

Historically, these teams operated independently, which left the responsibility for security largely lost somewhere between these two teams.

We are beginning to see the silos break down and these teams are coming together. Some health systems are changing organizational charts to drive collaboration, and some are simply putting a process in place for better communication. Regardless of the approach, communication, responsibility, and accountability must be clear to drive results.

Data Storage Moves to the Cloud

More organizations are moving to the cloud.

According to HISTalk in their HIMSS recap, “Microsoft, Amazon, and Google have their eyes on earning a chunk of our massive healthcare spending by replacing local data centers with cloud hosting and back-end services.”

While that might seem disruptive to many, the cloud seems a better route for mitigating security risk.

According to Becker’s Healthcare, “cloud service providers have many more highly trained resources at their disposal.”