052 – The ever-changing world of security and privacy | David Harlow and Niam Yaraghi
On this episode, we welcome back two long-time friends of the show to talk privacy, security and HIPAA. David Harlow and Niam Yaraghi join me and Shahid for a wide-ranging discussion that includes:
- Niam’s recent report: How HIPAA omnibus rules effectively reduced the number of data breaches among health care providers’ business associates
- Europe’s General Data Protection Regulation (GDPR) and how it applies to the U.S. healthcare system.
- The difference between a systems approach and a data approach to security and privacy
- How privacy might be seen as a facet of patient safety and how that could change the approach
- Breaking down myths about the value of stolen health data (and some ways it can be valuable to organized crime)
- Dealing with privacy when the business model is to share (i.e. the Facebook scandal)
- How can we expect privacy when we are the product?
- What can we / should we expect from companies like Facebook when it comes to privacy?
- What is the privacy paradox?
- Will more regulations help or hurt privacy?
- What’s the FTC’s role in all of this? Plus the LabMD saga.
- What’s a digital health startup to do? All 4 panelists give advice to startups on how to deal with security and privacy. Hint: bake it in from scratch. It’s not as hard or expensive as you think.
About David Harlow
DAVID HARLOW is Principal of The Harlow Group LLC, a health care law and consulting firm based in the Hub of the Universe, Boston, MA. His thirty years’ experience in the public and private sectors affords him a unique perspective on legal, policy and business issues facing the health care community. David is adept at assisting clients in developing new paradigms for their business organizations, relationships and processes so as to maximize the realization of organizational goals in a highly regulated environment, in realms ranging from health data privacy and security to digital health strategy to physician-hospital relationships to facilities development to the avoidance of fraud and abuse. He’s been called “an expert on HIPAA and other health-related law issues [who] knows more than virtually anyone on those topics.” (Forbes.com.) His award-winning blog, HealthBlawg, is highly regarded in both the legal and health policy blogging worlds. David is a charter member of the external Advisory Board of the Mayo Clinic Social Media Network and has served as the Public Policy Chair of the Society for Participatory Medicine, on the Health Law Section Council of the Massachusetts Bar Association and on the Advisory Board of FierceHealthIT. He speaks regularly before health care and legal industry groups on business, policy and legal matters. You should follow him on Twitter.
About Niam Yaraghi
Niam Yaraghi is an assistant professor of Operations and Information Management at the University of Connecticut’s School of Business and a non-resident fellow in the Brookings Institution’s Center for Technology Innovation. His research is focused on the economics of health information technologies. In particular, Niam studies the business models and policy structures that incentivize transparency, interoperability and sharing of health information among patients, providers, payers and regulators. He empirically examines the subsequent impact of such efforts on cost and quality of care. Niam’s ongoing research topics include health information exchange platforms, patient privacy, and healthcare evaluation and rating systems.
He has a B.Sc. in Industrial Engineering from the Isfahan University of Technology in Iran, and an M.Sc. from the Royal Institute of Technology in Sweden. He received his Ph.D. in Management Science & Systems from the State University of New York at Buffalo.
Niam’s call to action for the listener:
The state of privacy in healthcare is bad, but not as bad as you think! Federal privacy protection rules have helped with protecting privacy of many patients, yet the costs of implementing and complying with such rules are still unclear. We should realize that given the digitization of our lives, the borders around our private information are slowly fading away, and our individual responsibility and awareness about what we share with whom is our best bet in protecting our privacy. ~Niam Yaraghi
- Why You Should Always Be Preparing to Sell Your Company (i.e. build a company that’s worth owning) | Dexter Braff | The Braff Group – Dexter’s take on how to build a valuable company is very relevant to today’s discussion. As Niam said: look at security and privacy as a builder of trust. It’s a business value, not a business expense.
- Sharing Consumer Health Information: Look Before You Leap – This is David’s post on the FTC complaint investigation that effectively put LabMD out of business. It’s an ongoing story with all kinds of lessons for digital health companies dealing with consumer data.
- Grindr breach reveals inadequacy of digital age privacy regulations – Niam breaks down the recent Grindr breach. This is an interesting use case too because it’s a breach born in good intentions for the users. Good intentions do not shield you from privacy obligations and rules.
- A New Story for Healthcare Security and Compliance w/ Niam Yaraghi – and #HCBiz video interview
- Can CPC+ align Physicians, Payers and HealthIT? w/ David Harlow – and #HCBiz video interview
- Trumpcare: Innovation, Speculation and What’s Next w/ Niam Yaraghi – and #HCBiz video interview
Music by StudioEtar