6 steps to keep security issues at bay
April 26, 2013 in Medical Technology
Healthcare institutions should emulate best-of-breed privacy policies developed by financial services firms rather than other hospitals, recommends William Tanenbaum, partner at New York-based technology law firm Kaye Scholer LLP.
When it comes to privacy and data security, healthcare institutions face tremendous exposure to regulatory violations and monetary damages, Tanenbaum said in a news release. Tanenbaum advises clients on a wide range of technology and Internet issues, including data security and privacy.
“Criminals pay more for stolen personal health information than they do for stolen credit card information,” he said. “The top of a medical chart contains all the information needed for identity theft. While better IT is the solution, not all wheels have to be reinvented.”
Tanenbaum advises hospitals to adopt the IT solutions, privacy and data security procedures and employee education programs that already have been developed and tested by leading financial institutions to protect sensitive personal information in a regulatory environment.
According to a recent study on patient privacy and data security, conducted by the Ponemon Institute, 94 percent of healthcare organizations surveyed suffered at least one data breach in 2011 and 2012, with 45 percent of these organizations actually experiencing more than five data breaches during the same period. Lost devices, employee and third-party error, criminal attacks and technology glitches were listed as a few of the leading causes for the breaches, which Ponemon estimated could be costing the U.S. healthcare industry an average of $7 billion annually.
An April 2013 ITRC Breach Report by the Identity Theft Resource Center showed that in the first three months of 2013, the medical and healthcare sector experienced 58 breaches, or 40 percent of all breaches reported in the country (a total of 562,577 compromised records with 63 percent of them lost). By contrast, ITRC found that so far in 2013 the financial services industry experienced seven breaches, or 5 percent of all reported data breaches, for a total of 14 records compromised and with no records actually lost.
“Customers rightfully worry about protecting sensitive financial information such as social security numbers, and checking and credit card accounts,” says Tanenbaum. “But healthcare data in many ways can be viewed as even more sensitive because electronic medical histories, laboratory tests and prescribed medicines, if compromised, could harm patient health.”
According to the Ponemon survey, 73 percent of healthcare organizations cited insufficient resources to prevent and find data breaches.