Severino vows to protect and serve health IT as data thieves ramp up attacks
Roger Severino on Thursday described himself as the top cop of health IT. And with the sector facing rising security threats, he’s taking it seriously.
“I came into this job with an enforcement mindset,” the new director of Department of Health and Human Services Office for Civil Rights said during his brief morning session on Thursday and Health Datapalooza in Washington, D.C. “Congress established OCR to adapt to new technology -- and to protect it.”
At the forefront of Severino’s mind was reiterating the need for a culture of trust to support the safe exchange of health data. He encouraged the audience to be vocal about their concerns and to make suggestions about where the agency can improve.
“We’re here because we’re about making health better,” said Severino. “We want to make health IT work for physicians, promote interoperability and safeguard data from falling into the wrong hands.”
When Congress passed the HITECH Act in 2009, it was designed to unleash the power of the electronic health record, empower consumers and jumpstart the big data revolution, he said. But in passing the law, it also significantly increased the penalties for HIPAA violations.
“Security with data is essential, and is a foundation for data sharing,” said Severino. “Health data, user interoperability and privacy and security all run together.”
Severino highlighted the most recent OCR settlement with CardioNet for $2.5 million as an example of how important it is for organizations to safeguard patient data and take reasonable steps to ensure confidentiality.
Ransomware was also top of mind, as the “data may be compromised, destroyed, gone forever -- and it’s very likely the organization will have to report it to OCR.”
“There’s also the bigger picture behind this: the people affected,” Severino said.
OCR is taking to steps to ensure organizations recognize the differences between covered entities and those that are not, what information can be disclosed, and provide assistance on how “new and emerging technologies and apps can actually work within the rules to share information and provide information to consumers, while protecting patients and privacy,” he said.
“We’re here to enlist and adapt to emerging situations.”