What 'Reasonable' Cybersecurity Standards Might Be

At the end of a series of articles for the Journal of AHIMA that ran from 2015-2019 called “Legal e-Speaking,” I stressed that the trend of increased volume and variety of healthcare-related electronic information—as well as the technologies by which that information is being created, stored, and used—will put a premium on successful governance of health information.

In the past year and a half, due to the pandemic, this has become paramount. Healthcare providers have had to adopt to new or greatly expanded volumes and varieties of electronic information, including those derived from telehealth and virtual meetings, among others. Moreover, providers have encountered and sometimes integrated so-called “ephemeral” messaging apps.

Not only has electronic information become more complex but, during the last year and a half, the United States has seen the enactment of privacy laws at the state level intended to protect personal information. California, New York, and, most recently Virginia, come to mind, as do failed attempts to enact privacy laws in Florida and Washington state. For an overview of these statutes and how healthcare providers might be impacted by them, see the article I co-authored, “State Privacy Laws May Have Implications for Healthcare Providers,” that appeared in the May 2020 issue of the Journal of AHIMA.