Balancing access and security in health IT: A conversation with Perot Systems’ John Hummel

According to a recent survey of the top 100 government contractors, 56 percent rated health care as the number one area their company was looking to for new business opportunities. The Top 100 companies landed $120 billion in prime contracts during 2008 – and of the top twenty, seven mentioned health care IT as being a strategic focus moving forward.

Contractors such as Northrop Grumman and General Dynamics have made strategic hires and acquisitions recently to begin bolstering their health IT offerings. CSC President of North American Public Sector Business James Sheaffer told Washington Technology, “The whole health IT area will start to explode over the next few years.” And companies like IBM, Dell and General Electric are leveraging their deep pockets to offer low financing options to help clinics and physicians ready themselves for Recovery Act stimulus dollars. Nearly $20 million has been set aside for healthcare-related technology in the stimulus package.

Despite this recalibration among government contractors, there are a select few who have had to do very little in order to position themselves as leaders within health IT. Among them is Perot Systems.

Perot Systems has long been recognized as a leader in health care IT, and this year, they ranked number forty on Washington Technology’s Top 100 contractors of 2008.

Last week, Perot’s Chief Medical Officer Dr. Harry Greenspun said that “Perot Systems has taken a proactive, multi-channel approach to communicating the complexities of the stimulus legislation,” and as a continuation of that conversation, John Hummel, Chief Technology Officer for Perot Systems’ healthcare group, sat down with CivSource to discuss one of the more complex issues facing the healthcare industry today: Privacy.

Mr. Hummel believes that by giving patients more control of their medical information and by enforcing stricter penalties for exposed data, a new trend in security will develop. He is an active member of the CCHIT Commission, National Healthcare IT Policy with NAHIT, HISPY, and HIMSS, among other groups devoted to setting standards and guidelines for privacy and interoperability in health IT.

“The question has always been, ‘How do you provide security and access at the same time?'” Mr. Hummel said. “You have to bargain between reasonable accessibility and reasonable security, while taking into consideration the inherent value [of the data] you are trying to protect.”

Factors beyond encryption and technical lock-down will do more to shape the security industry, Mr. Hummel says, like changes to HIPAA and increased monetary fines for data breaches.

“HHS is trying to get people to take security serious,” Mr. Hummel said. For example, because of modifications to HIPAA in the American Recovery and Reinvestment Act, any breach is monitored for three years and if your organization has a breach of over fifty records, you’ll be fined and placed on HHS’s “wall of shame.”

In the event of a breach, hospitals and vendors can reduce their fines if they report it immediately to HHS and the Federal Trade Commission. “There’s incentive to report and there’s incentive to manage the problem,” Mr. Hummel continued. “HHS will hang you out to dry if you don’t report right away.”

“There’s now a reason to enforce [HIPAA security requirements] and there’s teeth behind HHS threats in the form of increased fines.” Furthermore, Mr. Hummel says, patients are entitled to a percentage of the fine, if they report acts of non-compliance. “If you put enough teeth and patient advocacy into legislation, security will increase.” But the bigger picture might be how hospitals and vendors react once a breach has occurred.

“No matter how tight you lock [information] down, chances are it will be obtainable at some point, the key is what you do after that.”

Still, information security and interoperability technology will play an important role in health IT. Developments in split data records – data sets that only converge at the point of use – will be one area of focus, Mr. Hummel expects. He also mentioned the importance of tools that can merge home, work and leisure in the kind of ubiquitous manner seen with the iPhone. “If you make the tool too cumbersome, nurses, technicians and doctors won’t adopt it. But tools and interface designs like the iPhone – that kind of tool is the next biggest thing in healthcare.”