Push For Electronic Medical Records Must Slow Down - Howard Schmidt, Former White House Security Czar Advises for Secure Applications

This is in fact a good question, are we rushing to get the money available and perhaps pushing matters a bit to fast. I post enough security breach stories on here that somewhat encourages me to agree with the basis of this. Having written a bit of code myself, I know what happens when the pressure is on to meet client demands, code that is maybe not ready for prime time. The focus from a developer is to keep the customer happy with functionality as this is what sells software, but then again there is the security issue and the 2 must go hand in hand. Speaking only for me, I would address and create the functionality first, and then go back and look for security loopholes that were maybe missed or overlooked. Ask anyone who writes and we all face this as nobody gets it perfect out of the shoot the first time. That is why we have “beta” testers to find what the coders missed or did not foresee from their side of being the creator.

This happens all the time as the creator or programmers don’t really know how everything, even with a multitude of testing internally, until it is released for the outside world and customers to start working with it as there are so many variables that come up, things that a group misses as the different areas of focus from a creator and end user differ, not a bad thing, it’s just the way it is and has been for years, and not much will change there either, as it still humans writing code. The good thing though is once software has gone through some extreme data testing, it gets better.

Today there are many additional variables to work with, Web 2.0 and all the areas need to come together, so now it really is a team effort all the way around. As with anything in life, when things are rushed, and we are all still human, the margin for errors rises, so thus, this is a good area to ponder, are we perhaps moving a little too fast in some of these areas? The comparison made on the creation of Vista used is a good analogy, sure it was delayed, but we are better off waiting to have a good product rather than one with too many bugs.

So again, in the pursuit of creating a medical records system in the US that talks and communicates, are we maybe moving a tad bit to fast in some areas and maybe not addressing security at the highest levels? BD

Among the many new provisions the American Recovery and Reinvestment Act (ARRA), is federal funding for electronic medical records. Known as HITECH, the law gives incentives to healthcare organizations to digitize personal health information before 2020. Lost in the rush, however, are the details.

"I look forward to medical records going electronic," said Howard Schmidt, the former White House cybersecurity czar, "but I have a tremendous amount of concern about building a really, really good healthcare infrastructure … and then securing it later." Schmidt spoke with PCWorld at RSA 2009.

Schmidt recalled how people faulted Microsoft, where he worked in the late 1990s, for delaying Windows Vista many times. "We would criticize [Microsoft] if they shipped [Vista] and it had more problems than it does now. So we have to remember that having a timetable is nice," but he cautioned that any timetable should also have some built-in limits and safeguards. That currently isn't the case with HITECH, which awards the bulk of its financial incentives within the first few years.

Push For Electronic Medical Records Must Slow Down, For Security's Sake - Business Center - PC World

Related Reading: