1. 1 HIT Standards Committee Hearing on Health Information Technology Security Issues, Challenges, Threats, and Solutions - Introduction Dixie Baker, SAIC November 19, 2009

2. 22 Hearing Objectives Foundational to “meaningful use” of electronic health records (EHRs) is assuring that individual privacy is protected, and that sensitive and safety-critical health information is protected from unauthorized access, use, corruption, and loss The Office of the National Coordinator is responsible for facilitating the adoption of appropriate standards for protecting health information This hearing seeks inputs from domain experts and health practitioners on potential issues, challenges, threats, and solutions around the securing of health information Testimony and discussion from this hearing will be used as inputs to the Privacy and Security Workgroup’s deliberations and standardization recommendations for 2013 and beyond

3. 3 Panels System Stability and Reliability – Walter Suarez, Moderator Challenges related to maintaining the stability and reliability of electronic health records (EHRs) in the face of natural and technological threats Cybersecurity – Aneesh Chopra, Moderator –Challenges related to maintaining the trustworthiness of EHRs and Health Information Exchanges (HIEs) in the face of cyber threats such as denial of service attacks, malicious software, and failures of internet infrastructure

4. 4 Panels (cont.) Data Theft, Loss, and Misuse – Anne Castro, Moderator Challenges involving accidental loss of data, data theft, extortion and sabotage, including criminal activities and other related areas Building Trust – Steve Findlay, Moderator –Issues and challenges related to building and maintaining trust in the health information technology ecosystem, and the impacts that real and perceived security weaknesses and failures exert on health organizations, individual providers, and consumers

5. 55 Questions to Address Describe organization and approach to security and building trust with business partners and consumers Examples of issues faced and how addressed Trade-off’s made between security and usability, and other operational considerations Security standards used Challenges in implementing standards Role and value of interoperable security standards Limitations and gaps in security standards New and emerging issues

6. 66 Approach Each panelist has submitted written testimony and biographical information For each Panel: –Moderator will introduce panelists –Each panelist will be given 5 minutes for oral testimony –Panelists will respond to questions from HIT Standards Committee members –Moderator will briefly summarize testimony Public comments will be received at the end of the day