This blog post describes the aftermath of May's WannaCry ransomware epidemic. We are still seeing new victims every day and we want to educate many vulnerable companies around the world.

Breaches and ransomware have reached alarming levels of impact, disruption, and frequency in health and life sciences organizations worldwide. These security incidents tend to affect organizations that are lagging in security, and relatively vulnerable. The Health and Life Sciences Security Readiness Program enables organizations to benchmark their security against the health and life sciences industry, and peer organizations of a similar locale, focus and size. This enables them to see if they are lagging, on par, or ahead of the industry and peers in security, and if they are lagging and relatively vulnerable specifically which security capabilities are they lacking that their peers have. This benchmark includes security maturity, priorities readiness across 8 of the most common types of breaches, and capabilities across 42 key security capabilities. This engagement involves a 1 hour, complementary, confidential workshop. Reports also show participants how their capabilities or gaps relate to HIPAA, NIST, PCI DSS, CIS, GDPR, ISO2700x, ISO80001, and EU MDR 2017/745 regulations, data protection laws, and security standards. Now with over 117 health and life sciences organizations participating in this program across 9 countries, and over 40 industry partners working to scale it worldwide, we invite you to see where your health and life sciences organization stands in security relative to peers and the industry. Any organization that works with sensitive patient information is eligible to participate, including Business Associates and Data Processors. See Intel.com/SecurityReadiness for further details on this program, a sample report, and how to engage.

The mission of the President’s Precision Medicine Initiative (PMI) is to enable a new era of medicine through research, technology, and policies that empower patients, researchers, and providers to work together toward the development of individualized care. Building from the existing PMI Privacy and Trust Principles, this document offers security policy principles and a framework to guide decision-making by organizations conducting or participating in precision medicine activities. Recognizing that there is no “one size fits all” approach to managing data security, this document provides a broad framework for protecting participants’ data and resources in an appropriate and ethical manner that can be tailored to meet organization-specific requirements.

President Obama launched the Precision Medicine Initiative (PMI) in January 2015 to accelerate “biomedical discoveries and provide clinicians with new tools, knowledge, and therapies to select which treatments will work best for which patients.” Precision medicine is enabling a new era of clinical care through research, technology, and policies that empower patients, researchers, and providers to work together toward development of individualized care. Advancing the science of medicine also calls for a change in the culture of medical practice and medical research to engage individuals as active collaborators – not just as patients or research subjects. 

Individuals ability to electronically access their hospitals medical records, perform key tasks is growing. Survey results from July 2016

The Office for Civil Rights (OCR) has published new Health Insurance Portability & Accountability Act of 1996 (HIPAA) Privacy Rule guidance documents as part of a Privacy and Security Toolkit to implement The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information (Privacy and Security Framework). These new guidance documents discuss how the Privacy Rule can facilitate the electronic exchange of health information.

With eHealth Initiative’s unique position as a neutral entity that brings together representatives across the entire healthcare continuum, the 2020 Roadmap was born with the intention to harmonize the new technologies and models of care in a way that brings about meaningful change that improves population health, increases patient-consumer experiences and lowers costs. eHI members share a unique vision to transform care delivery with patient-centric care by 2020 in 3 key areas: Interoperability, Data Access and Use, and Clinical and Business Motivators.