In an article that hit the web this week, a new DHHS rule is purported to allow health care providers to determine if their privacy breaches have caused any harm. While I understand the nature of assigning the reporting burden to healthcare companies, I don’t think this new rule is in the public’s (or patient’s) best interest. We already know that most complaints related to HIPAA are not investigated. This new provision all but ensures that most breaches will not even be reported.
Let’s not kid ourselves… although we’d all like to think that our health care organizations are worthy of our trust and good faith (and many are), when all is said and done, they are businesses and they need to keep the bottom line in mind at all times. These new “self-service” breach notification rules could put some of us on the unpleasant receiving end of what happens when the fox holds sentry over the chicken coop.
With that said, it’s worth pointing out that in a recent independent survey of several hundred IT practitioners in the healthcare industry, a whopping 80 percent of the respondents reported that their organization had experienced one or more data breaches involving the loss or theft of electronic health information in the past year!
The real solution is stringent monitoring, along with input from an external party, like a privacy ombudsman. This is a model followed today by many press organizations, as well as police departments with regard to misconduct complaints.
Read the full article here: http://bit.ly/4CaTPG
Posted by Lex Van den Berghe on November 19, 2009 in Healthcare
By Dominique Levin
EVP Marketing and Strategy
As the national debate about overhauling the $2.5 trillion United States healthcare system rages, the federal government is already investing tens of billions of dollars as part of the stimulus program to push our medical care industry to shift from paper to computer records.
In our rush to computerize patient records to reap the benefits of higher quality of care and safety, and to better control fraud, who is making sure that our private medical records are being protected?
To better understand the issues, we at LogLogic spoke with some of our largest healthcare customers about their steps to bolster patient privacy protection. We also partnered with the independent research firm the Ponemon Institute to survey 542 senior IT practitioners from healthcare organizations with an average of more than 1,000 employees about how secure they believe electronic patient medical records are.
According to the October 2009 Ponemon report, “Electronic Health Information at Risk: A Study of IT Practitioners,” 80 percent of healthcare organizations had experienced at least one incident of lost or stolen electronic health information in the past year – four percent had more than five patient data breaches. More than two-thirds of these healthcare organizations had already digitized at least a quarter of their patient records and a third had digitized more than half.
The most surprising finding was that almost three-quarters of respondents said their organization failed to make patient record protection a priority.
At LogLogic, we think this presents a unique opportunity for IT security professionals to take a leadership role in this critical national issue. There are new rules mandated by the Health Insurance Portability and Accountability Act (HIPAA) that became effective in September that are important steps towards bridging the traditional gap between “Cover Your Ass” compliance and real IT security.
To find out more highlights and read a complete copy of the Ponemon Institute study and the LogLogic healthcare customer survey, please take a moment to register at our site at www.loglogic.com/resources/analyst-reports/ponemon-electronic-health-info-at-risk/
In LogLogic’s interviews with senior security professionals responsible for overseeing the protection of hospital patient records, a consensus emerged that best practices in securing patient privacy go beyond HIPAA compliance. New technologies allow hospitals to more closely monitor and protect patient privacy than ever before. The recent changes in HIPAA also put more stringent requirements on medical organizations to secure patient privacy. Hospital security professionals today have a unique opportunity to be patient privacy heroes.
If you’re in the healthcare industry, do you feel you have a role to play as a privacy hero? Let us know. We want to hear from you.
Posted by Dominique Levin on October 20, 2009 in Healthcare