healthcare

After spending last week at the HIMSS (Healthcare and Information Management Systems Society) conference in Atlanta, I came away with some good information and some interesting observations.

Unlike most vendors who work with hospitals, I was not there to exhibit. I was an attendee, and I go to get the latest information regarding healthcare IT and security. Some of the topics in the education sessions are more important to me than others, but that's the great thing about this conference - you get to pick what classes you go to and there's a wide variety.

Most attendees upon learning I was not exhibiting would ask "Why are you attending?" My answer is an emphatic "The real question is, why are your other vendors NOT attending?" If you are going to manage terabytes of healthcare information, I believe this conference is a must. They cover everything from "Meaningful Use" (which I'm not as interested in) to "HITECH Security" which everyone should be interested in.

Chris Thorman over at Software Advice has posted a survey about tablet use in the Healthcare industry.

It will be interesting to see the results of it.

I've been pouring over the HHS finalized guidance on acceptable conditions for data encryption of PHI. One interesting section reads:

Valid encryption processes for data at rest are consistent with NIST Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices.

Data at rest, meaning the data being stored in a hospital server / datacenter. With one interpretation, given the wide range of technologies and systems out there, this will eliminate in my opinion about 95% of the products out there as valid players. With another interpretation, it provides no additional security at all.

For instance:

Based on the wording I've seen so far, I could use whole-disk encryption to state that health information on my server at rest is stored in an encrypted form and is compliant. However, this only protects the information if the machine is physically stolen - as long as the server is running, an external hacker could get access to everything, because the operating system will be decrypting data on the fly.

But, placing that server in a physically secured location already provides 100% better security that the storage of patient record with relation to physical theft. Hard drive encryption really provides no additional security.

Yesterday, the House voted to approve a bill to increase healthcare programs for underprivileged children. This is to be funded in part by increasing taxes on tobacco products, increasing the federal tax on cigarettes to $1 per pack. President Bush had vetoed similar bills twice, and they say this very well might be the first bill put in front of President Elect Obama to sign.

Is this a good thing? I think so. Unlike proceeds from state lotteries going to schools as an excuse for the lottery, this is not a government sponsored addiction. I see this as another incentive for those smoking to stop smoking, and for those who don't smoke to never start. If the price of admission to tobacco is high enough, many people may decide it's not worth it. Sure, there are going to be those who would do anything for a cigarette, including knock over the local gas station, but I believe the majority of those using tobacco products could reach a threshold where the pain of purchasing the products exceeds the desire to have them and they either cut back, stop entirely, or seek help to stop.

I think this same concept could be taken even a step further. Find other items that damage our collective health and increase the taxes on them over time. Add a 5% tax to junk food and use the proceeds to help pay healthcare. Add a 10% tax on products with high fructose corn syrup, and use it to pay for diabetes research and treatment, or perhaps to provide tax breaks to fitness centers to encourage lower membership costs.

All the education in the world hasn't stopped obesity from growing rampant. Making healthy products less expensive and unhealthy products more expensive is the best tool the Government has to help us collectively get fit. I live in West Virginia with it's amazing outdoor recreation. We have some of the best hiking and biking trails in the nation, amazing white water rafting, and the second highest obesity rate in the nation. It doesn't really make sense, does it?