With the growing popularity of exchanging information over mobile devices, 2011 saw data breaches in the healthcare industry like never before. The Department of Health and Human resources had to step in with rigorous investigations and hefty fines for organizations that did not meet the patient privacy requirements. And now that industry experts are projecting a continued rise in the use of mobile devices and social media, healthcare data breaches could reach epidemic proportions unless the safety of patient protected health information (PHI) is given some serious thought.
A benchmark study, published by the Ponemon Institute in December 2011, showed that 81% of all healthcare providers surveyed used their mobile devices to gather, store and even exchange PHI. What’s more, 49% admitted that they were not taking any measures to secure their devices. Kirk Nahra, partner at Wiley Rein LLP, goes on to say that class-action lawsuits will rise in 2012 with more and more patients suing healthcare organizations for not ensuring the safety of PHI. CEO and President of Apgar & Associates, Chris Apgar, adds that the use of social media to interact with patients and promote healthcare services might lead to inadvertent risk to PHI. There is also the risk that healthcare employees using social networks could put PHI at risk.
Trends to look out for in 2012
Apart from the risk posed by the growing use of mobile devices and social media, as well as the expected increase in class-action lawsuits in 2012, here are some more trends that ID experts say the healthcare industry should prepare itself for:
•Growing reliance on outsourced services – The economic advantages of outsourcing certain functions to third parties cannot be ignored. From billing to storage of sensitive data, outsourcing is likely to provide solutions that could benefit healthcare organizations. The only thing to keep in mind while selecting an outsourcing partner is to ensure that the HIPAA regulations are adhered to and the risk of data breaches is minimized.
•Mobile is king – According to a CompTIA study published in November 2011, a third of all healthcare providers rely on mobile devices for access to EMRs and EHRs. With the use of smartphones and tablets on the rise, mobile providers will need to focus on a balance between ease of use and data security.
•Rise in HIPAA enforcements – The Office for Civil Rights (OCR) is likely to tighten the enforcement of HIPAA regulations. With more stringent controls, a rise in fines and financial settlements in cases of noncompliance is expected this year.
•Privacy and security training – Although there has been an improvement in the procedures put in place by healthcare organizations, the focus has to shift to ensuring that the staff follows the protocol. One way to ensure this is to implement awareness and training programs annually. This is one area that is likely to receive greater attention in 2012. Risk education becomes all the more important in a segment that is seeing a rise in fraudsters.
•Cyber liability insurance – Given that class-action litigation is expected to rise through the year, more and more healthcare professionals and organizations are looking to protect themselves and their reputation via insurance policies targeted at data/security breach.
•Cloud computing – One effective means of protecting data is via cloud computing. This is becoming an attractive option for healthcare providers due to the economic and security advantages it offers, especially given the rise in Health Information Exchanges (HIE). However, it is important for healthcare organizations to ensure that the service provider is compliant with the HIPAA regulations and that the agreement entered into is carefully written. Some of the advantages that cloud computing offers the healthcare industry include increased scalability and flexibility, superior operations and reduced risk.
On the whole, 2012 is likely to be a year when healthcare organizations need to think of more than just a band-aid for security breaches. Cloud computing, outsourced services and reliance on mobile devices offer greater ease of service delivery. At the same time, the choice of service partner should be thought through carefully to ensure the safety of PHI.