Much has been written about data breaches over the past couple of years as this profitable trend of theft increases. The healthcare industry is no stranger to this; in fact it has been reported that a patient’s healthcare data is worth at least twice as much on the black market as regular consumer data. The big question is, is anyone surprised?
Many businesses (including healthcare organizations) go through great lengths to secure consumer (patient) data. And while that effort is noble and important, we should not go around with rose colored glasses believing that the efforts are failsafe.
One thing that bothers me is seeing vendors claim that their services will make your patient data “secure.” Really? If any healthcare organization believes that, then give me a call about my oceanfront property in Arizona that is for sale. To be more precise, a vendor with great services should claim that it will make your data “more secure.” And if you believe that your data is completely secure, I challenge you to put out a public service announcement or press release touting so. Any takers? No, of course not. Many hackers in the world would love to take you up on that one!
So what can be done? Well, you certainly need to make the attempt to secure the data (unless you look good in orange) because the healthcare industry has numerous laws and regulations requiring you to do so. And no, laws such as HIPAA and HITECH don’t ensure your patient data is secure. Rather, they are the enforcement stick in place so you take appropriate actions to do so.
So, for the patients (and attorneys) in the audience, we should not at all be surprised about patient data breaches or the increasing trend to target patient data. And for those healthcare groups that are making a concerted effort to mitigate risks and spending thousands of dollars every year to do so . . . kudos. Unfortunately, there are some medical groups which still believe it won’t happen to them and they are willing to take the gamble. Those such groups are definitely playing with fire and their time will certainly come. In this day of electronic data, reachable from anywhere in the world, how can it not? And if you choose to take that gamble, then you are indeed justified in receiving the inevitable fate that comes your way. Comply with the laws and make ongoing diligent efforts to secure your patient data. We cannot ask any more than that.
To my readers, feel free to comment on this issue. If you are a vendor, I welcome you to comment as well about this subject and/or about your service offerings. While we may not be able to guarantee that patient data is secure, all healthcare providers should make a concerted effort to do so.
Contact ABISA, a consultancy specializing in solo and small group practice management. Visit us at ABISALLC.com.