Chances are that sometime this fall you will receive a notification informing you that your privacy has been breached due to an inadvertent disclosure of some information stored in your health care records.
This doesn’t mean that the security of our health records is getting worse; it just means that the organizations that have access to that information are about to become a lot more accountable.
Starting in September, a provision of the new Health Information Technology for Economic and Clinical Health (HITECH) Act requires any organization doing business with a healthcare organization to comply with the same set of privacy and security standards that healthcare organizations are required to meet under the Health Insurance Portability and Accountability Act (HIPAA).
Given the sheer number of organizations involved, the number of breaches that will need to be disclosed is bound to increase.
In fact, a new study from Deloitte suggests that healthcare and life sciences organizations are only making modest investments in additional security. While most of these organizations report that their investments in security as a percentage of their overall IT budgets have increased slightly, IT budgets as a whole have declined in the face of ongoing economic pressures.
While there have been some high-profile data breaches involving the health records of celebrities such as Farrah Fawcett and Britney Spears, the vast majority of breaches are inadvertent mistakes made by internal employees. A data breach can cost as much as $6 million per incident.
According to Doug Pollack, chief marketing officer for ID Experts, an IT services company that coaches organizations on how to comply with regulations such as HITECH and HIPAA, the costs of notifying patients of a breach could be a drop in the bucket compared to lost revenue; because most people don’t have a clear understanding about the implications of a health information security breach, their natural reaction is to just stop doing business with the organization that suffered the breach.
The biggest danger, however, might be that data breaches are just going to become so routine that people become complacent. As people potentially become overly jaded about security breaches, they might do nothing to protect their personal information once they receive notification of a breach until it’s far too late.