The DC Chapter of AFCEA held a moderated Defense Health Agency panel discussion on April 26, 2016 focusing on innovative solutions for the military health system.
The panelists were:
- James Craft, Chief Information Officer, Joint Improvised Explosive Device Defeat Organization, Department of Defense
- Steven Hernandez, Chief Information Security Officer, Office of Inspector General, Department of Health and Human Services
- Rose-Marie Nsahlai, Lead IT Security Specialist, Office of the National Coordinator for HIT, Department of Health and Human Services
- Dr. Joseph Lucky Ronzio, Deputy Chief Health Technology Officer, Veterans Health Administration, Department of Veterans Affairs
The main topics of discussion were in relation to Mobile Health Technology, Interoperability and Cybersecurity.
The discussion surrounding Mobile Health Technology focused on empowering the consumer / patient to be more active and collaborative with their providers when making health and wellness choices, and on embracing sensors and telehealth / telemedicine as alternatives to physician office visits. The Deputy CHTO of the VA, Dr. Ronzio, argued that both provide a better patient experience, while lowering costs for all parties. Moving forward, more emphasis will be placed on devices and mobility for both the patient and the provider. NSA, for example, is working on a "thin" encryption that is specifically for health and wellness devices, so the security layer is a lower overhead for the device.
All three agencies placed an emphasis on interoperability with respect to standardization of software and hardware technologies, in order to improve data exchange and communication between the agencies and reduce costs. Companies that provide 90 percent of Electronic Health Records (EHR) used by hospitals nationwide, as well as the top five largest health care systems in the country, have agreed to implement three core commitments:
- Easy and secure consumer access to electronic health information;
- No blocking of electronic health information / to adopt transparency; and,
- To adhere to federally recognized standards and best practices.
Given tightening budgets, all agencies voiced support for innovative solutions, assuming that a new solution replaces antiquated processes and systems, and, most importantly, saves money.
EHR security is one of the top priorities for DOD, HHS and the VA, particularly with the recent high visibility cybersecurity breaches that impacted numerous US hospitals, Anthem and OPM, just to name a few. According to IBM X-Force Interactive Security Incidents data from Jan. 1, 2015 to Oct. 31, 2015, almost 100,000,000 health care records have been compromised due to malicious attacks. A patient’s EHR can contain sensitive information such as SSN, addresses, financial and employment information in addition to medications, vaccination records, chronic conditions, etc. By gaining access to a patient’s EHR, a cyberterrorist can pinpoint and act on vulnerabilities such as directed bioterrorism or withholding medication for an individual, including US military personnel. DOD, HHS and the VA are continually looking to partner with organizations that can help mitigate these cybersecurity risks.