In this Spotlight edition of The Security Ledger Podcast, sponsored by RSA Security*, the Chief Privacy Officer at Nemours Healthcare, Kevin Haynes, joins us to talk about the fast-evolving privacy demands on healthcare firms and how the Chief Privacy Officer role is evolving to address new privacy and security threats.
In just a couple of weeks, the California Consumer Privacy Act – or CCPA – will take effect. Considered the most comprehensive data privacy law in the country, the CCPA could become a de facto federal standard akin to the EU’s GDPR, at least in the absence of a matching federal law.
The law, enforcement of which begins in July 2020, will be a wake-up call to many industries that have made a business of collecting, mining and even re-selling their customers’ data. One industry that is unlikely to be fazed by the new requirements, however, is healthcare. That’s because a comprehensive patient data privacy law, HIPAA, has governed that industry for more than two decades.
Healthcare Industry beset by Changes
But the existence of a strong federal data protection law for patient health information doesn’t leave the healthcare industry immune from controversies, risks or questions about the extent of privacy protections. That’s especially true as a new generation of connected medical devices works its way into clinical settings, exposing them to cyber and operational risks in new ways. And, as data-hungry firms like Google look to expand their reach into the massive healthcare industry, healthcare firms need to balance their interest in new treatments and better customer service against the privacy rights and concerns of their members. Concerns about data privacy and the abuse of medical information, for example, have dogged initiatives like Google’s Project Nightingale since its inception.
The Role of Healthcare CPO: Beyond HIPAA
To learn more about the unique challenges facing healthcare organizations, we invited Kevin Haynes, the Chief Privacy Officer of the Nemours Foundation – a pediatric health provider in six states and the District of Columbia – to talk about how the role of Chief Privacy Officer is changing and adapting to the challenges and threats facing healthcare organizations.
Haynes says that – despite laws like HIPAA and even CCPA – privacy protections in the U.S. are still in their infancy, even as healthcare organizations face challenges as they look to leverage the capabilities of firms like Google.
A key to their success in the current threat environment is getting a better grasp on their risk posture, including the risk(s) posed by third-party providers of hardware, software and services, Haynes says.
(*) Disclosure: This podcast and blog post were sponsored by RSA Security. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.