What Does HIMSS13 Have to Say About Patient Data Security?

March 19, 2013 1:09 pm

The HIMSS13 summit in New Orleans highlighted key issues such as healthcare cybersecurity, data breaches, and healthcare security, all of which are more relevant than ever. Recent changes, including the enforcement of the HIPAA Omnibus Rule—imposing penalties of up to $1.5 million per data breach of Protected Health Information (PHI)—have underscored the importance of securing sensitive data. In addition, the release of Stage 2 Meaningful Use guidelines and the growing shift toward Accountable Care Organizations (ACOs) have made the need for strong electronic health records (EHR) security and secure data exchange even more critical.

Both the push for ACOs and the Stage 2 requirements stress the need for a solid foundation in interoperability and cybersecurity. So, did HIMSS13 move the healthcare industry closer to these essential goals? Whether the progress made is seen as a step forward or not likely depends on your perspective.

THE RECENT PHI SECURITY SITUATION:

     a. From 2009 to 2012 there were 495 PHI breaches involving 21 million patient records.

     b. The total cost of these healthcare data breaches was in the region of $4 billion.

     c. Small private practices accounted for about 60% of these breaches.

     d. 70% of the data breaches in healthcare were electronic.

     e. Annual data security risk analysis was conducted more stringently in hospital settings than in private practices.

KEYNOTE SPEECHES REGARDING DATA SECURITY IN HEALTHCARE AT HIMSS13:

Some of the keynote addresses on PHI security offered the following insights:

“Providers need to identify and assess risks and threats to data in advance,” offered Mr. Braithwaite, who is the chief medical officer for Equifax.

“We often find, when we take a look at physician offices, the technology is not where it needs to be to interface with a hospital. They don’t have the healthcare security they need. They have a server, but they don’t have things like ‘firewalls’ and other necessary technology to set up a VPN or other tunnel,” said Mac McMillian, CEO of CynergisTek.

Mr. McMillian also summed up the need of the hour: “If I architect my network properly and I determine where that data needs to live, I have less of a footprint I need to encrypt. I first need to figure out where I create my data and where I use it. And from there, I figure out what controls I need to have in place.”

MEDICAL IDENTITY THEFT:

One of the gravest forms of PHI compromise is what is now known as medical identity theft. The overall cost of this type of healthcare data breach is a staggering $40 billion, with nearly 2 million people affected yearly. These breaches do not always happen because of lapses in the provider’s setup; they are also driven by a large black market that actively trades medical records.

This market is deemed to be more powerful than the black market for Social Security numbers. In medical identity theft, a fraudster uses a person’s medical records and insurance information to obtain medical care illegally or to file illegal claims. In most situations the patients learn of the theft only by looking at the detailed EOB from the payer or when collection agents come knocking on their doors.

NO ONE-SIZE-FITS-ALL SOLUTION:

What could reasonably be concluded from the conference is that no single security solution fits everyone. Each organization needs to put together a package that depends on the size of its operation and the balance it wants between efficiency and security in day-to-day proceedings. For example, Tony Hudock, Director of Development and Technical Operations at Dignity Health, spoke of how Dignity Health went for “Managed File Transfer” packages from Axway.

This was essentially a beefed-up form of an FTP program, which ensured high security and audit trails. Thus, the hackneyed solution of networked enterprise EHR software was not the ideal one for Dignity Health. They wanted something that would give them a vantage point from which all data flow could be viewed on a single plane.

So, if you are unsure which security solution best suits your practice, call up your EMR consultant, your medical billing vendor, your medical coding vendor, or even your RCM (Revenue Cycle Management) services provider, who are surely bound to have a robust system in place.

Frequently Asked Questions

Patient data security is a major focus at HIMSS13 because healthcare providers must protect sensitive information, like medical records and Protected Health Information (PHI), from cyber threats and data breaches. The conference shines a light on strategies and technologies to safeguard Electronic Health Records (EHR) and ensure that patient data remains secure, compliant, and private.

HIMSS13 recognizes the delicate balance between keeping patient data secure and ensuring healthcare providers can access it when needed. The conference stresses the importance of efficient, secure data-sharing practices, like using encrypted cloud services and secure patient portals, to make sure EHR security is maintained while still enabling timely access to medical records.

HIMSS13 helps healthcare professionals by introducing the latest tools and technologies to strengthen healthcare cybersecurity. The conference offers practical solutions and strategies for better protecting medical records, PHI, and EHR systems from potential threats, improving overall data security in healthcare settings.

HIMSS13 is dedicated to promoting effective data security practices to protect against data breaches in healthcare. The event focuses on safeguarding the integrity and confidentiality of sensitive patient information, such as PHI and EHRs, while ensuring that healthcare systems comply with security standards and regulations.
