We have to create a authorized framework that acknowledges the public-safety curiosity within the ongoing reliability, safety and stability of the operations of health-care expertise corporations. If Change Healthcare had been Change Airways, and controlled accordingly, there could be a Nationwide Transportation Security Board inquiry into the occasions main as much as the assault and shutdown of the corporate’s techniques.
There ought to be a Nationwide Cyber Catastrophe Response Workforce to supervise and help with restoration of providers after assaults like these, a lot as first responders may be mobilized in response to pure disasters. There ought to be an outlined and preexisting framework for responding to important outages in health-care expertise providers, together with monetary and regulatory reduction for suppliers and necessities that insurers pay claims for prescriptions and medical therapies given in good religion.
The health-care expertise trade is probably going to withstand the prospect of further regulation. Nonetheless, that trade obtained monumental profit when the federal government handed it a captive market in 2009. The Well being Data Expertise for Financial and Scientific Well being Act was meant to extend the variety of jobs in software program and expertise, whereas enhancing high quality, security and effectivity in well being care. The legislation provided monetary incentives to physicians and hospitals in the event that they used digital well being data techniques, adopted by penalties for failure to make use of these techniques. We anticipate a excessive stage of duty from well being care, however HITECH required well being care to depend on corporations with out that very same stage of public duty. It’s time to change that.
Cathleen Gould, Oak Park, In poor health.
The devastation to health-care suppliers giant and small and their sufferers brought on by the cyberattack on a UnitedHealth Group subsidiary ought to give us all pause.
Cyber occasions, together with ransomware assaults by terrorist risk actors, are a continuous hazard to the health-care ecosystem. The most effective data expertise techniques within the land can’t cease such intrusions totally as a result of human error, maybe within the type of a conscientious worker clicking on a hyperlink in the midst of studying an e mail message, is inevitable in any enterprise setting.
This doesn’t imply a corporation can’t be prepared for such an assault. Maximize redundancy. Construct a number of off-site steady information backups. Have emergency assets on the prepared, reminiscent of funds to advance to clients or purchasers. And most vital of all: Construct a disaster communications plan that particularly prepares for the highest-magnitude cyber occasion.
The remainder of us should additionally take into account the draw back of permitting anybody well being enterprise to get so giant that the collapse of its expertise can convey hurt to so many suppliers and sufferers.
David A. Ball, Newton, Mass.
