In response to the Government Security News (GSN.com) article: Offense must be the new defense, RSA chief says
From a major cybersecurity conference, “IT systems already are or will be compromised and security efforts must shift to detecting and mitigating compromises and protecting data in compromised systems.”
FLASH: Health data systems are just as compromised as those in every other sector of the economy and government, but it’s rarely mentioned. With the HIT and healthcare industries in denial, who will secure and protect the nation’s electronic health information?
At the same conference a solution was proposed, “the future of security and privacy in a world in which vulnerabilities and exploits are inevitable lies in protecting data through the use of metadata associated with policies that will let creators and owners control data.”
FYI: last year meta-tagging health data to protect privacy was proposed by the President’s Council of Advisors on Science and Technology (PCAST). PPR testified at the HIT Policy Committee in favor of meta-tagging health data. But the HIT and Healthcare lobbies killed it.
It’s back to business as usual: selling and using abysmal health IT systems and data exchanges without effective privacy or security protections — so healthcare corporations, hospitals, health plans, doctors, HIT companies, labs, pharmacies, etc can all use or sell our personal health data for discrimination and other purposes we would never agree to.
It’s time for Congress to support the Administration’s new Consumer Bill of Privacy Rights and put people in control of personal data online and in data systems by requiring robust, existing privacy and consent technologies or meta-tagging. Americans’ longstanding legal and ethical rights to health privacy must be restored so people are willing to participate in electronic health systems.
Without remedies now, “trust in our digital world is at risk.”