June 8, 2005
Medical Device Security At Crossroads Of HIPAA, Cybersecurity and EHRs
Healthcare providers face risks beyond HIPAA if they fail to provide adequate security for their medical devices
Healthcare providers face risks beyond HIPAA if they fail to provide adequate security for their medical devices as illustrated in FDA recommendations to the healthcare community. To help healthcare professionals meet the medical equipment security challenges, Melamedia LLC, publishers of Health Information Privacy/Security Alert sponsored:
Real World Strategies for Medical Device Security:
Addressing HIPAA, FDA Guidelines and EHR Planning
FDA alerted healthcare providers to the urgent need to ensure the security of their medical devices and to establish clear lines of communication with device manufacturers. That guidance and FAQ from FDA, along with the HIPAA security and privacy rules and the growing interest in electronic health records (EHRs) raise significant issues over the respective roles of providers, medical device manufacturers and software developers.
Moreover, healthcare providers face significant challenges as they work to comply with HIPAA privacy and security rules. Securing medical devices, while not interfering with clinical functions, data exchange or device maintenance, requires sophisticated, in-depth understanding of the devices.
There are substantially more medical devices that need to be secured than pieces of IT equipment, and they must be made secure in ways that allow providers to have access information in those devices when they need it.
Efforts to secure medical devices also will have a profound effect on the development and adoption of electronic health records. Ensuring the proper operation and integrity of medical equipment is an important component of the National Health Information Infrastructure.
The bottom line is that healthcare providers must assure the security of their medical devices in planning their EHR systems.
The seminar discusses approaches to ensuring medical device security in the context of HIPAA security and FDA guidance documents and in adopting EHRs.
Participants are briefed on:
- How HIPAA and FDA rules create new challenges and risks for healthcare providers;
- Why work done under HIPAA privacy and security rules are not alone enough to address the challenges of medical device security;
- The HIMSS initiative to assist providers in securing their medical devices;
- What role device manufacturers and software developers play in medical device security;
- Strategies for developing and incorporating security policies for medical devices;
- Establishing a time-line and budget for providing security for medical devices; and
- Strategic considerations of medical device security in developing and deploying EHR systems.
Who Should Listen
HIPAA Security Officers
Healthcare IT Managers
EHR Vendors and Professionals
Healthcare Lawyers and Consultants
Local, State and Federal Government Officials
Stephen L. Grimes, FACCE, SHIMSS, Chair of the HIMSS Medical Device Security Workgroup, chair of American College of Clinical Engineering HIPAA Task Force and a senior consultant for Strategic Health Care Technology Associates.
Scott Bolte, Product Security Program Manager, GE Healthcare., Member of HIMSS Medical Device Security Workgroup, NEMA Security & Privacy Committee, NEMA VA/DoD Task Force.
Dennis Melamed, editor of Health Information Privacy/Security Alert.
Continuing Education Credits
- All seminar participants will receive a certificate of participation
- 1.5 IAPP Credits