Guest post written by S. Joe Bhatia and Rick Kam
S. Joe Bhatia is CEO of the American National Standards Institute, ANSI. Rick Kam is president and co-founder of ID Experts.
You don’t want your personal health information to spread virally around the Internet. Save that for the talking baby videos on YouTube.
The truth is, the electronic health information of millions of patients can be breached in a matter of seconds. As the industry moves from paper records to electronic health records (EHR), protected health information (PHI) is now more susceptible to exposure than ever.
The White House just published the Consumer Privacy Bill of Rights, stating that “trust is essential to maintaining the social and economic benefits that networked technologies bring to the United States and the rest of the world.”
Trust is a precious thing. Trust is the cornerstone of solid doctor-patient relationships. We also trust that our health-care providers will protect our confidential patient information. That trust is at the core of the viability of our health care delivery system. Without it, the entire industry will crumble and put patients at risk. Yet as the industry moves toward EHR adoption, that trust is being seriously tested.
In February 2009, the U.S. Senate passed an $838 billion stimulus bill, in part to enable the digitization of every American’s medical record – a move that President Obama said would improve the quality and lower the cost of health care. To ensure a paperless health care system, the federal government set up financial incentives and a five-year deadline.
With the 2014 deadline approaching, health care industry leaders are at a crossroads. Investment in adopting policies and procedures to better protect patients’ information must increase, yet the boardroom appears to be at odds with the staff responsible for corporate security and privacy.
The stakes are high and the challenge is growing. There are 5,754 registered hospitals in the U.S. with nearly 37 million patients admitted, according to the American Hospital Association. And the number of medical records compromised in the United States nearly doubled from 2010 to 2011, according to Redspin, a consulting firm.
The adoption of electronic health care records magnifies the risks of a data breach in ways that paper records never did. Hacking, theft, or loss of computing devices containing sensitive health information, and the use of unsecured mobile devices all increase the likelihood that a patient’s medical records will be exposed, endangering their physical and financial health.
A group of 100 industry leaders spent the last year examining the huge ramifications that a personal health information breach can have on health care organizations. They came together to offer suggestions for action, and to create a new model that will drive a more meaningful dialogue between those who are protecting vulnerable personal health information and corporate leadership. The report The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security enables health care organizations to make a business case for appropriate investments to better protect PHI. It is available for free download at webstore.ansi.org/phi.
The entire health care ecosystem – health care organizations, health plans, providers, payers, and support services – must take action to evaluate the “at risk” value of the protected health information with which they are entrusted, in order to determine the proper level of investment in their security initiatives. And they must do it before the trust erodes.
No comments:
Post a Comment