Healthcare providers face risks beyond HIPAA if they fail to provide adequate security for their medical devices as illustrated in recent FDA recommendations to the healthcare community. Medical Device Security At Crossroads Of HIPAA, Cybersecurity and EHRs can help healthcare professionals meet the medical equipment security challenges.
In January 2005, FDA alerted healthcare providers to the urgent need to ensure the security of their medical devices and to establish clear lines of communication with device manufacturers. That guidance and FAQ from FDA, along with the new HIPAA security and enforcement rules and the growing interest in electronic health records (EHRs) raise significant issues over the respective roles of providers, medical device manufacturers and software developers whose responsibility it is to ensure safe and effective operation of medical devices and reasonable protection of electronic Protected Health Information in the face of security threats.
Moreover, healthcare providers face significant challenges as they work to comply with HIPAA privacy and security rules. Securing medical devices, while not interfering with clinical functions, data exchange or device maintenance, requires sophistical, in-depth understanding of the devices.
There are substantially more medical devices that need to be secured than pieces of IT equipment, and they must be made secure in ways that allow providers to have access information in those devices when they need it.
Efforts to secure medical devices also will have a profound effect on the development and adoption of electronic health records. Ensuring the proper operation and integrity of medical equipment is an important component of the National Health Information Infrastructure.
The bottom line is that healthcare providers must assure the security of their medical devices in planning their EHR systems.
This seminar will discuss approaches to ensuring medical device security in the context of HIPAA security and FDA guidance documents and in adopting EHRs.
Participants will be briefed on:
- How HIPAA and FDA rules create new challenges and risks for healthcare providers
- Why work done under HIPAA privacy and security rules are not alone enough to address the challenges of medical device security
- HIMSS's recently created initiative to assist providers in securing their medical devices
- What role device manufacturers and software developers play in medical device security
- Strategies for developing and incorporating security policies for medical devices
- Establishing a time-line and budget for providing security for medical devices
- Strategic considerations of medical device security in developing and deploying EHR systems
Who Should Attend
- HIPAA Privacy & Security Officers
- Healthcare IT Managers
- Healthcare Providers
- Hospital Administrators
- Clinical Engineers
- Device Manufacturers
- Risk Managers
- EHR Vendors and Professionals
- Healthcare Lawyers and Consultants
- Government Officials
Stephen L. Grimes, FACCE, SHIMSS, Chair of the HIMSS Medical Device Security Workgroup, chair of American College of Clinical Engineering HIPAA Task Force and a senior consultant for Strategic Health Care Technology Associates.
Scott Bolte, Product Security Program Manager, GE Healthcare, Member of HIMSS Medical Device Security Workgroup, NEMA Security & Privacy Committee, NEMA VA/DoD Task Force.