Privacy issues and cybersecurity threats can wreak havoc among healthcare organizations. Malicious agents now seek patient data as frequently as financial information, and the value of a medical record far exceeds that of a stolen credit card. Today, the question facing most security officers is no longer whether a breach will occur, but rather when it will happen and what should be done to mitigate the damage. This new reality necessitates innovative approaches to managing risk and protecting data.

With nearly 6 in 10 hospitals using at least a basic electronic health record, the growing ability to collect and share data offers a plethora of opportunities to improve the delivery and cost of healthcare. Because all data will never be truly secure from prying eyes and parties with malicious intent, participants agree there is a critical need to share information with one another including key challenges, lessons learned, and strategies to protect their companies and the consumer from what can be the devastating fallout of a security breach. However, industry leaders have to overcome a number of organizational and process challenges preventing them from fully participating in proper data access and use. The objective of the committee is to assist eHI in articulating principles and a framework that can help the industry continue to make progress in privacy and security, in particular data access and use. The outputs/recommendations from the discussions will provide a foundation from which information will be shared with the larger healthcare community
 
The group will discuss the importance of cross-industry, intra-industry, and public/private collaboration in effectively addressing the threats to data security. This work focuses on solving five key challenges facing today’s healthcare information privacy and security officials:

1. data security
2. appropriate data sharing
3. granular data control
4. data provenance
5. data matching