HIMSS Study Reveals PHI Breaches Are On The RiseApril 12, 2012
A recent study from HIMSS Analytics and Kroll Advisory Solutions found that medical organizations are far behind with respect to having sound privacy protections in place. The study along with data from The Office for Civil Rights (OCR), the department within The U.S. Department of Health and Human Services (HHS) responsible for enforcing the HIPAA Privacy and Security Rules shows that over the last few years, protected health information (PHI) breaches are increasing at an alarming rate.
Brian Lapidus, Senior Vice President for Kroll Advisory Solutions is quoted in the article link below saying, “But feeling like one is in adherence with policy prescriptions is not the same as actually protecting personal health information (PHI).”
At Environmental Intelligence, we could not agree more. There is so much more to effectively managing the security of an enterprise network from the risk of PHI breaches than just simply deploying a security architecture.
Here are a few more quotes that Mr. Lapidus shares in the article link below:
“Bottom line, organizations have to figure out how they’ll respond to myriad security threats, on many different fronts.”
“Health providers have a lot coming at them.” “They’ve got meaningful use, they’ve got EHR implementations, they’ve got HIPAA requirements” – to say nothing of their normal, day-to-day business of caring for patients.”
“I wouldn’t be so quick to give a pass because people are busy,” he says. “Then that could be the universal excuse for everything. There is a responsibility for these organizations to protect patient data.”
Mr. Lapidus is spot on with his comments. The real question is how can medical organizations effectively mitigate the risks of PHI breaches?
An effective way for medical organizations to manage the responsibility of protecting patients data is to partner with an outside Health IT firm that can support the staff in the development, implementation, and monitoring of a comprehensive data security strategy, policy and routines. Organizations that choose to partner with an outside firm with data security expertise will have the benefit of having an unbiased view of internal systems and processes. This line of sight provides medical organizations with the real-time information necessary to effectively identify vulnerabilities and mitigate security threats to patients PHI data. This is far more effective than the tendency for internal IT teams to look at security strategy and develop a check-the-box solution.
Reality is clinicians and administrative teams are busy focusing on their number one priority – providing the absolute best care to their patients and we believe that’s the way it should be.
The HIMSS Analytics / Kroll Advisory Solutions study article, which contains the link to the study report, can be found here: Breaches epidemic despite efforts at compliance, says Kroll