There are stories on both sides of the fence here, but the big privacy issues and breaches today all seem to revolve around health insurance breaches with their systems and not the providers. Provider breaches are pretty much paper records that don’t get shredded. You can’t help but think that providers are a bit shy about the entire electronic exchange and integration with new stories appearing each month with insurers. Most of the EHR software companies by comparison seem to have a pretty good lock on security and privacy although they are not 100% perfect, but we are seeing less exposure from the medical records software and more from the insurers.
In the news lately we had the vendor of Blue Cross that basically had some bad programming that exposed personal records and was met with a lawsuit from an individual who found her records online.
Anthem Blue Cross Security Breach Occurred During System Upgrade – Information Accessed by Attorneys Looking for Information Relative to Lawsuits With Carrier
Last year Blue Cross had exposed the identities of doctors all across the US. We are into the data age like it or not and when errors and miscalculations happen from their side of the fence, we get to hear “whoops” and we will fix it, so what other part of healthcare gets away with this?
When it comes to privacy, something also being overlooked is the actions and use of data with health insurance company subsidiaries, and they will share somehow if this means profit dollars to have information available from one subsidiary that does one thing to another that does something else. You might be surprised to see where health insurers are going today with their investments, like buying a Chinese Gateway company to bring more Chinese drugs/devices to the US. The link below has a pretty good summary of some of the subsidiary actions, which all lay money down to their bottom line profits.
Consumer Watchdog Warns Sebelius on Health Insurers – Good Reason for This as Insurer Subsidiaries Are in The Game to Play Just As Private Equity Groups Diversify and Collaborate Holdings
I think until the payer side reaches a higher level of competency with security to build confidence, the providers and patients will continue with the standard mode of not trusting and for good reason. We have a glut of analysis/medical billing organizations taking big chunks of money that goes from point A to point B and yes some of this is needed, but about 25% of what we use today for medical processing might be sufficient. Granted people would lose jobs, but in the long run we would end up with less spending on transactions for each claim and everyone would win there. This is the side of healthcare that really needs to be addressed both for security and for saving money. BD
Last year’s HITECH Act toughened the rules and enforcement penalties health information handlers must follow to protect patient privacy.
Under the new policy regime, providers will have to pay more attention to the confidentiality and safety of patient information as they move more of their operations toward electronic health record-keeping.
Without sound security policies and practices, privacy “will be just a principle,” said Sue McAndrew, deputy director for privacy in the Office of Civil Rights, the Health and Human Services Department office that was given responsibility for health privacy and security policy under the new law.
Even so, such practices must now be the order of the day under the new privacy and security framework. “The security rule says wherever you have electronic health information, you need to protect it,” said HIMSS’s Gallagher. “You may not even apply for meaningful use incentives. But if you’re keeping data in electronic form, you have to comply with the security rule.”