Monday, September 27, 2010

Health Providers Beware of the New HITECH Act

Tim Trow, MSIA student

The Health Information Technology for Economic and Clinical Health Act, more commonly known as the HITECH Act, is part of the American Recovery and Reinvestment Act of 2009. This act appears to put some teeth into the HIPAA regulation of 1996. The HITECH Act aims to provide some general and specific incentives for companies to adopt electronic health record (EHR) systems for health organizations. With these incentives also come increased privacy and security protections for consumers and potentially increased liability for those that are not in compliance.
There are three main components to the new HITECH Act. They include:

1. Enforcement: Civil penalties have been increased under the new act. These penalties can exceed $250,000, with repeat violations extending to $1.5 million. The new act also allows a state attorney general to bring an action on behalf of his or her residents. Also, HHS is now required to conduct periodic audits of covered entities and business associates.

2. Notification of breach: HITECH now imposes data breach notification requirements for unauthorized uses and disclosures of PHI. These are similar to the existing state data breach laws. This underscores the importance of the new act and how it will respond to privacy and security concerns regarding the protection and reporting of known breaches of PII.

3. Business associates: Under the HITECH Act, business associates are now directly "on the compliance hook" since they are required to comply with the safeguards contained in the Security Rule. Most software vendors providing EHR systems will most likely qualify as business associates.

Companies and health providers should take a serious look at their current status with regard to HIPAA and, more specifically, the new HITECH Act. There are some great incentives for health organizations that decide to comply with the new HITECH Act. Health providers can start by performing a gap assessment of their current environment in relation to HIPAA regulations and the HITECH Act. A gap assessment will provide a roadmap to address any deficiencies and should also include an evaluation of the current information security program, which should address the three key components outlined above. A third-party business associate program should be outlined to address and manage your key business partners. In addition, a formal data breach policy and process needs to be developed and supported by the organization’s leadership team. Lastly, legal and executive management need to understand the consequences and risk associated with not complying with HIPAA and the new HITECH Act.
Last week’s Quiz Question
Question: What is the statue on top of the Vermont state capitol dome?
Answer: Agriculture (or Ceres)
Winner: Scott Madden

This week’s quiz question
What fact about South Hall makes it unique among Norwich University buildings?

Past winners
Andrey N. Chernyaev:  5 wins
Matt Bambrick: 3 wins
Dianne Tarpy: 2 wins
Bill Lampe: 2 wins
Scott Madden: 2 wins
Sam Moore
Autumn Crossett
Gil Varney, Jr.
Glen Calvo
Thomas Reardon
Sherryl Fraser
Srinivas Chandrasekar
Marc Ariano
Linda Rosa
Joanna D'Aquanni
Srinivas Bedre
Christian Sandy
Joseph Puchalski
Ken Desforges

Monday, September 6, 2010

Expert Systems and Cyber Warfare


David R. Lease, Ph.D.

Recently, I participated in a workshop in Brussels to evaluate current cyber warfare tactics and countermeasures; I thought you’d enjoy a short (non-classified) summary of one of the more innovative cyber warfare approaches that was demonstrated.

We often think of cyber warfare as malicious hacking, network attacks, or information theft. We often forget that it is actually a major component of modern warfare. As a case in point, the United States and its allies have spent considerable resources to develop innovative cyber warfare tools and attack methodologies, but these tools and methodologies are rarely integrated or combined with parallel capabilities that could provide warfighters and decision makers with the ability to react to real-world threats in milliseconds rather than hours or days. Consequently, our adversaries are able to use non-traditional means of cyber attacks with a low risk of retaliation or defensive measures being applied.

One of the more promising cyber warfare approaches we evaluated is an expert system that identifies threats in real-time and quickly tracks them to their point of origin through what has been termed “effective obfuscation.” This approach produces real-time attack information and supports both proactive and reactive responses. By providing a capability for warfighters to react quickly, within the scope of their mission and CONOPs, cyber warriors and decision makers can control and dominate the cyber battle space. This expert system also provides commanders and decision makers with the tools necessary to plan and execute the appropriate responses to cyber attacks as well as initiating preventive actions and first-strike responses when warranted.

Expert systems provide autonomous decision-making (based on human reasoning techniques) and real-time problem solving and suggestions to operational users in response to rapidly evolving situations. They are also the basis for training aids such as scenario gaming and actual operational platforms. This capability allows cyber warriors to train on the same system they will use in real-world operations, much like the way pilots train in their weapon system prior to an actual combat operation.

Expert systems are not new. They have been successfully deployed in the commercial space to manage logistics, warehouses, computer-assisted medical procedures, and to provide rapid, unassisted responses to stock market fluctuations. Developed in declarative programming languages, an expert system can be described as a low-level artificial intelligence that allows developers to describe the problem, permitting the computer to determine how the computation is carried out, allowing for back propagation and re-computing when new rules/variables are introduced. Declarative programs re-assess and re-compute problems for the best possible solution.
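As an added illustration (not from the original post, and not the system demonstrated at the workshop), the declarative idea described above can be sketched as a small forward-chaining rule engine in Python. The fact names, rules and observations are all constructed for this example.

```python
# Added illustration: a minimal forward-chaining rule engine.
# Every fact name, rule and observation below is constructed for the example.

def infer(facts, rules):
    """Apply rules until no new fact can be derived (a fixpoint)."""
    known = set(facts)
    changed = True
    while changed:
        changed = False
        for conditions, conclusion in rules:
            # A rule fires when all of its conditions are already known.
            if conclusion not in known and conditions <= known:
                known.add(conclusion)
                changed = True
    return known

def new_conclusions(facts, rules):
    """Return only the facts the engine derived, not the ones it was given."""
    return infer(facts, rules) - set(facts)

# Rules are data: (required facts, fact to conclude). The author of the rules
# states what follows from what; the engine decides the order of evaluation.
# The first rule depends on a fact that only the third rule can produce.
RULES = [
    ({"alert_raised", "source_external"}, "notify_analyst"),
    ({"many_failed_logins", "login_success_after_failures"},
     "credential_guessing_suspected"),
    ({"credential_guessing_suspected"}, "alert_raised"),
]

# Constructed observations, as a monitoring sensor might report them.
OBSERVED = {"many_failed_logins", "login_success_after_failures",
            "source_external"}

# A rule introduced later: the engine is simply re-run and re-computes.
EXTRA_RULE = ({"credential_guessing_suspected", "account_is_privileged"},
              "recommend_account_lock")

if __name__ == "__main__":
    print(sorted(new_conclusions(OBSERVED, RULES)))
    print(sorted(new_conclusions(OBSERVED | {"account_is_privileged"},
                                 RULES + [EXTRA_RULE])))
```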

By adding an expert system to our cyber arsenal to identify threats in real-time and quickly track them to their point of origin, the United States and its allies can improve our proactive and reactive response to cyber warfare.

Last week’s Quiz Question

Question: The first guiding value of Norwich University is that “We are men and women of honor and integrity. We shall not tolerate those who ________________.”

Answer: “Lie, cheat, or steal”

Winner: Bill Lampe

This week’s Quiz Question

What is the statue on top of the Vermont state capitol dome?

Current competition standings:

Andrey N. Chernyaev: 5 wins
Matt Bambrick: 3 wins
Dianne Tarpy: 2 wins
Bill Lampe: 2 wins
Sam Moore
Autumn Crossett
Gil Varney, Jr.
Glen Calvo
Thomas Reardon
Sherryl Fraser
Srinivas Chandrasekar
Marc Ariano
Linda Rosa
Joanna D'Aquanni
Srinivas Bedre
Christian Sandy
Joseph Puchalski
Scott Madden
Ken Desforges