HIPAA is ridiculously strict and incredibly vague
(PRWEB) June 10, 2014
The article revealed that the Internet connection serving all Boston-area hospitals is attacked about every seven seconds, prompting Beth Israel Deaconess Medical Center to block about 98 percent of incoming emails, the hospital’s chief information officer, Dr. John Halamka, said.
“Most often, people do this in Eastern Europe and China because they want to use it as a spam relay.” Of much greater concern, Halamka said, is organized crime involving the theft and sale of electronic medical records to people who may use those records to pay for operations and treatment. Other thieves may use the data to falsify drug prescriptions or to steal a doctor’s license number. A single patient's medical record is worth $50 on the black market, according to a panel of cyber security specialists at the Digital Health Conference held in 2011.
The Ponemon Institute released a survey on this topic in March 2014. That survey found that criminal attacks have surged in the past four years, from accounting for 27 percent of health care data breaches in 2011 to 40 percent this year.
Protecting Personal Health Information (PHI) has become exceedingly complex as health systems convert from paper records to electronic. There are literally hundreds of ways patient information can be compromised, and the tools we are provided are generally inadequate to meet regulations as required by HIPAA. (HIPAA stands for the Health Insurance Portability and Accountability Act, a US law designed to provide privacy standards to protect patients’ healthcare information.)
Versio by ScribeRight (Versio) has been in the clinical documentation industry for over 14 years. As CEO Lisa Pike has said, “HIPAA is ridiculously strict and incredibly vague.” This strict/vague conundrum has some organizations over-compensating and others not being careful enough, albeit unwittingly. “At Versio, we take PHI security very seriously. Our mission is to ensure that every patient has an accurate health record and that organizations can count on us to keep those records secure,” said Ms. Pike.
The Director of Technical Services for Versio, Thom Steinert, shared some thoughts regarding data security.
Q: What do you see as the biggest threat to data security in any organization?
TS: Unfortunately, people are the weak link in security. Much of the time lack of training and awareness is to blame, but even authorized users are subject to being careless.
Q: What are some simple steps to ensuring data security is top-of-mind in the organization?
TS: Develop an in-house awareness program. Broadcast security reminders regularly and plan training sessions to occur at scheduled intervals.
Q: How often should an organization review their data security policies?
TS: At least annually. There is constantly an opportunity to learn new ways to avoid threats.
Q: What kinds of threats will we see more of in the future?
TS: I see the biggest threat downstream will come from social media such as Facebook, etc. There are no more barriers to what individuals will put online so the trend toward carelessness will continue to amplify.
Q: What are some resources organizations can tap into for information on best practices?
TS: Stay in touch with counterparts in the industry and pay attention to trends. Many companies find that outsourcing to data security professionals brings expertise to the organization they might not find locally.
About Versio: The Renton firm has been at the forefront of quality healthcare documentation since it was established as ScribeRight Transcription Agency in 2000, and it continues to meet the dynamic needs of the industry today. The company has adopted the new name Versio to reflect the company’s expanded service offerings. Medical data are full of inconsistencies that make it nearly impossible for conventional technology to convert them accurately. The Versio program utilizes a suite of proprietary technologies and processes, combined with detailed human review in the form of knowledgeable and experienced medical data translation specialists. This hybrid approach forms an extra layer of quality control, providing clients with results that are unmatched in the industry. The process can also be applied to paper medical records.
For additional information regarding Versio, visit http://www.myVersio.com
*1 Szaniszlo, Marie. "Hospital on Defense for Cyber-Attacks." Boston Herald, 1 Apr. 2014. http://bostonherald.com/business/healthcare/2014/03/hospital_on_defense_for_cyber_attacks