Page 12 - Delaware Medical Journal - November 2017
P. 12
An Industry under Siege
was driven to a large extent by the Health Information Technology
for Economic and Clinical Health (HITECH) Act of 2009.
HITECH accelerated EHR adoption by tying government reimbursements for services to
“meaningful use” of EHRs. The move to EHRs was almost inevitable,
however, due to the cost savings and
According to the U.S. Department of Health and Human Services (HHS), from EHRs, including reductions
in medical errors, adverse drug
events and redundant tests, improved communication with physicians, and faster access to care. However, both HITECH and the Health Insurance Portability and Accountability Act (HIPAA) of 1996 recognize the potential security risks associated with electronic data and set standards for protecting PHI with penalties for violations.
That means cybersecurity must go hand in hand with EHR adoption. However, many medical practices, and even large hospitals, struggle to maintain even basic security protocols.
THE HUMAN FACTOR
In a recent study published in Healthcare Informatics Research, 73.6 percent of medical staff admitted that they had used the credentials of another staff member to obtain access to EHRs. More than
half (57.2 percent) admitted to having borrowed someone else’s credentials
an average of 4.75 times. All medical residents, 83 percent of interns and 77 percent of medical students said they had used someone else’s credentials because
Bobbie Brooks
E publishes its Breach Barometer,
a look at data breaches impacting
the health care industry, based upon information compiled by DataBreaches. net. Here’s a sampling of headlines from recent reports:
“Hacking Dominates Breaches, But One Insider Breach Took 14 Years to Discover”
“2017 on Track to Exceed 2016 Trend of ‘One Health Data Breach per Day’”
“Patient Data Irretrievably Lost Due to PHI Breaches”
Not good news.
Data breaches involving protected health information (PHI) have become alarmingly common due to the black-
market value of the data. Although stolen medical records don’t command as high a price as they once did, hackers can still net $10, $50, or even more depending on the type of PHI. A social security number, by contrast, is worth only a dime, and a credit card number a quarter.
The impact on affected individuals is
information is stolen, the consumer can cancel credit cards, close bank accounts, or initiate fraud alerts. It’s a hassle, but not devastating. PHI, on the other hand, includes a wealth of information that cannot be changed, and medical identity
The health care data breach crisis
can be traced to the growing use of electronic health records (EHRs), which
332
Del Med J | November 2017 | Vol. 89 | No. 11