NetWitness' Edward Schwartz on healthcare security

Edward Schwartz, chief security officer for IT security firm NetWitness (recently acquired by RSA) on the move to electronic medical records and the impact on security and privacy.

We recently interviewed Edward Schwartz, chief security officer for IT security firm NetWitness (recently acquired by RSA) to get his thoughts on the move to electronic medical records and the impact on the security and privacy of those records. During his extensive career, Schwartz has served in various executive positions for a number of security vendors including CTO of ManTech Security Technologies Corp, SVP of operations of Guardent Inc. and EVP of operations for Predictive Systems. Schwartz also worked as CISO at Nationwide Insurance.

CSOonline: How complex are the security challenges facing the health care industry today?

Schwartz: When you think about it, health care is a much more complex process than payments. There are different entities involved in the process: the payers, the providers, labs, administrators, and consumers. Some of the providers are very, very large entities and they could potentially get the attention of the regulators. There are certainly opportunities for consumers to file breach complaints. They could take private action and have some recourse. But what do you do about the mid-tier and smaller providers? They have very little incentive to do security from a regulatory perspective, at least in most places today. And, frankly, where they are adding security to any degree that is useful is going to introduce additional expense to a model that's already ridden with so much expense as it is. I don't see an easy fix to this. And, for consumers, unfortunately the nature of the breach is different. Once your personal health information is made public, you may not be able to get your privacy back.

When it comes to specific security expertise, do you think it makes sense in the healthcare industry for them to outsource traditional security services?
