Move to electronic health records raises privacy and security concerns

What are the top security and privacy issues facing the healthcare industry in 2011? A panel of healthcare experts representing privacy, trends, technology, regulation, data breach, and governance was asked to weigh in with forecasts for 2011.

These experts suggest that as health information exchanges take form, millions of patient records—soon to be available as digital files—will lead to potential unauthorized access, violation of new data breach laws and, more importantly, exposure to the threat of medical and financial identity theft.

These predictions are supported by the Ponemon Institute’s recent Benchmark Study on Patient Privacy and Data Security, published November 2010, which found that data breaches of patient information cost the healthcare industry $6 billion annually; that protecting patient data is a low priority for hospitals; and that the healthcare industry lags behind the recently enacted HITECH laws.

The top predictions for 2011 include:

1. Health information exchanges, many of which will be launched by inexperienced and understaffed organizations, will force more attention on security and privacy.

2. Increased fines and regulatory action by State Attorneys General and regulatory agencies.

3. Data breaches and associated costs will increase, as penalties for information security negligence are acted on.

4. Hospital governing-boards will exert their power to manage data breach risks in order to increase accountability and fiduciary responsibility.

5. A significant “data spill” is inevitable and will bring national attention to the issue.

6. Heightened patient awareness and concern over the security of their private medical data.

7. The finalization of data breach notification rules by the Department of Health and Human Services could remove the controversial “harm threshold” provision that determines whether notification is required when an incident occurs. If removed, this will create a risk of over-notification and desensitization of patients.

Dr. Deborah Peel, M.D., practicing physician and founder of Patient Privacy Rights, said: “2011 will be the year that Americans recognize they can’t control personal health information in health IT systems and data exchanges. Will 2011 be the year that data security and privacy are the top of the nation’s agenda? I hope so. The right to privacy is the essential right of individuals in vibrant Democracies. If we don’t do it right in healthcare, we won’t have any privacy in the Digital Age.”