HLM: In terms of privacy and security, there have been so many breaches. How are you going to bring everything under one umbrella and make this all happen?
Mostashari: It has to be a shared responsibility, so we have to work with our partners. That's the only way we're going to be able to succeed. People trust their doctors and one of the things they trust their doctors for is to keep their record secure. That goes back to the Hippocratic Oath.
We're working with doctors, hospitals and clinics all over the country to have them learn the best practices, to make sure they are meeting the HIPAA security standards, and to mitigate risks so they don't put patient data in harm's way. It's simple things like making sure if there's data on a laptop then the laptop is encrypted, so if stuff is stolen or lost you don't have a breach of privacy.
There's also the important partnerships. The Office of Civil Rights enforces those breaches and makes sure that if there is willful disregard on the part of a covered entity for protecting that information that enforcement takes place. There have been literally millions of dollars in fines levied against organizations.
The new protections under the HITECH Act mean not only do they have to pay higher fines but they literally have to alert the media and the patients if they have a significant breach of patient records. We're working with vendors to make sure they have the capabilities within certified electronic health records to do the encryption, to make sure there are audit trails that track who opens a file, and to make sure access is protected so that clerical workers don't have to see the clinical data to do their job.
These are just some of the things we are doing with our partners to get all hands on deck to protect the privacy and security of patient information.