This is from the HealthLeaders Media article here: Cheryl Clark, for HealthLeaders Media, April 15, 2015 - http://www.healthleadersmedia.com/print/TEC-315329/6-in-10-Health-Data-Breaches-Due-to-Criminal-Activity.
Find the full report in the Journal of the American Medical Association here -
HealthLeaders Media reports -
"Theft, illegal hacking, and other breaches of protected health information have compromised 29 million medical records in 949 incidents between 2010 and 2013, spelling out a crying need for better data security", according to a report published in JAMA.
According to the study's author, "theft of paper or electronic records accounted for the majority" of the incidents. "Protecting the security and privacy of patient data needs to be a priority in many different venues, and with all types of patient data, including paper records."
Five states, California, Texas, Florida, New York, and Illinois, accounted for 34% of all reported breaches.
Of the 949 incidents encompassed within the study, 273 involved an external vendor, such as a healthcare system partner, an insurer, or a business that uses the data for analytics or quality reporting.
Associated with the JAMA study is an editorial coauthored by David Blumenthal, MD, of the Commonwealth Fund and former National Coordinator for the Office of the National Coordinator, that charges that policy makers are partly to blame.
Find the editorial, also by Deven McGraw, here -
"They should create stronger penalties and incentives for organizations to be more careful with the data, [Blumenthal] says, acknowledging that it's a difficult task because they're 'still trying to influence providers and organizations to understand that we live in a different age.'"
According to Blumenthal and McGraw, more than 80% of the data breaches reported by Liu result from a "mundane and correctible problem: the failure of covered entities to observe what might be called good data hygiene" such as:
· Failure to encrypt their own data
· Allowing storage of patients' personal health information on employees' personal devices
· Not requiring sound practices to authenticate authorized users
Complicating the solution is the lack of clarity in federal rules on data protection, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), and the desire of health care providers and IT ventures not to be further regulated.
Read the entire article. It further highlights Blumenthal and McGraw and suggests that if the federal government doesn't step in, various states will. It ends with a Blumenthal prediction -
"But I suspect we'll have some scandals and events that outrage people before this happens. That's regrettable, but it's the way our democracy works. And in the meantime, you can pretty much anticipate that due to inattention and lack of care, and to a lesser extent hacking, there will be large data breaches of increasing size and concern."