By Bill Ho
It’s been over 20 years since HIPAA was signed into law in 1996, and it’s becoming increasingly important and complex to comply with. As health care expands its ePHI sharing through better technology and increased demand, the risk of data breaches also escalates. Health care records are more valuable than stolen credit card numbers on the Dark Web, according to a 2016 data breach report from the Ponemon Institute.
While there may be debate on whether health care records are more valuable than financial data, we do know that more than 16 million health care records were exposed last year and this year, we’ve already seen several large breaches and ransomware attacks.
Ad Statistics
Times Displayed: 2388
Times Visited: 37 Keep biomedical devices ready to go, so care teams can be ready to care for patients. GE HealthCare’s ReadySee™ helps overcome frustrations due to lack of network and device visibility, manual troubleshooting, and downtime.
Keeping patient information private is paramount in health care for obvious reasons. Thanks to the 2013 Omnibus Rule, covered entities, and their business associates, have done a better job safeguarding patient data. Since 2013, we’ve seen HIPAA violations decrease, but it’s not enough; breaches are still happening, putting patients and health care providers at serious risk. In fact, these breaches have caused the Office of Civil Rights to investigate over 150,000 complaints between 2003 and 2017, and with fines totaling over $72 million.
It’s time to do more with the “portability” aspect of HIPAA. Medical records, lab tests, and other health information should not only be kept secure, but accessible and easily shared between providers, specialists, and doctors, to better pinpoint and diagnose patients for quicker treatment. Patients should feel confident that healthcare providers handle electronic patient health information properly – and in return, providers need to understand any breach will have a major impact on patient satisfaction. For health care providers, keeping patient satisfaction levels high is critical to ratings for both retention purposes and reimbursements.
Compared to 1996, we’ve seen huge evolutions in technology available today – in large part to the rise of the Internet. With instant access to information, and multiple access points via desktops, tablets, phones, and IoT devices, the once very manual process of extracting medical records and PHI from archaic systems that couldn’t communicate, has nearly transformed into a process of instant access to medical information.
While we are seeing a lot of improvements, especially in EHR systems, which continue to expand and connect more facilities and health care systems, we’re not quite there yet. As health information exchanges have discovered, systems and methods that can facilitate information sharing across different health systems and geographies face many challenges, and there’s a lot to solve – protocols, integration points, APIs, authorization, auditing, and security. These technologies expand the complexity and potential for exposing patient information if not implemented properly. While the Internet and smart devices have provided routes and access points, they have also expanded the attack surface for bad actors.
