A series of incidents in April called attention to the serious issue of data security.
* A former employee of New York-Presbyterian/Weill Cornell Medical Center was charged with accessing almost 50,000 patient records over two years, undetected, and selling some of them.
* Six computer back-up tapes with data on 2.1 million patients at the University of Miami were stolen.
* WellPoint Inc. suffered its third breach of personal information in 18 months.
* A former employee of UCLA Medical Center was charged with accessing medical records of celebrities and selling them to tabloids.
The April events came on the heels of a January incident, when an unencrypted laptop containing personal information on 300,000 members of Horizon Blue Cross Blue Shield of New Jersey was stolen.
Whatever happened to pledges from health care organizations to do a better job protecting patient information in light of the HIPAA privacy and security rules?
Lax federal enforcement of the rules has caused organizations to lower their guards in the years since the rules became effective, argues Dan Rode, vice president of policy and government relations at the American Health Information Management Association in Chicago.
AHIMA surveys in recent years have shown a drop-off in funding for training and retraining of employees about the privacy and security rules and how to protect patient data, Rode notes. He suspects, however, that some of that funding is coming back because of the spate of data breaches.
But market demand for better security is lacking, Rode laments. Consumers are not demanding it, and software vendors are not offering enhanced, built-in security features because customers are not asking for them.
"There haven't been serious repercussions outside 15 minutes of fame in the press," concurs Lynne Dunbrack, program director at Health Industry Insights, a Framingham, Mass.-based market research and advisory firm. "Unless there is enforcement, sadly it will continue to happen."
Health care organizations still have the privacy and security officers that HIPAA mandates, and those folks remain committed to their task, Dunbrack says. "But today, it's far more challenging to get the attention and commitment of senior executives," she adds. "There's such a focus on the bottom line that any review of privacy and security is onerous."
Strengthen HIPAA?
Many data breaches apparently have been the result of actions taken by vendors hired by health care organizations to perform certain tasks.
These vendors are considered business associates under the HIPAA rules. That means they do not fall directly under the rules, but organizations that do, called covered entities, are obligated to make sure their business associates are following the rules' provisions.
The HIPAA rules should be expanded to make all holders of protected health information covered entities, says Pam Dixon, executive director of the World Privacy Forum, a San Diego-based research and advocacy firm.
"We're seeing a trend here with business associate problems," she adds.
But there's no appetite in the industry or in Congress to reopen HIPAA, Rode contends. The fear is that tighter provisions would stymie the flow of information, making it more difficult to get patient data where it really needs to go, he explains.
It will take a catastrophic event or a grassroots movement to move the industry and Congress.
But absent a new commitment to better protection, the promises of electronic health records, personal health records and a national health information network won't be realized, Rode and others warn.
For instance, if PHR data winds up being sold for marketing purposes, it will destroy trust in PHRs and as a ripple effect destroy trust in EHRs, Dixon contends.
AHIMA and the American Medical Informatics Association are working together to find ways to improve privacy/security training and get the attention of senior management, Rode says.
But what would get action is outcry from consumers, he adds. "Right now, it's little associations like us chipping away at it."
Dunbrack adds: "As patients are more aware that their data is electronically stored, there will be more pressure from consumer groups for more privacy."
(c) 2008 Health Data Management and SourceMedia, Inc. All Rights Reserved.
http://www.healthdatamanagement.com http://www.sourcemedia.com