The healthcare industry has historically been hesitant to put too much reliance on IT solutions, especially those operated by third-party sources. Given the extensive regulatory oversight on healthcare institutions and the potential consequences of violating data protection standards, it is understandable that these organizations would resist experimenting too much with technological trends that could put their sensitive information in jeopardy.
However, recent technological advances have sparked new interest in healthcare IT. On one hand, this has the potential to create a more efficient healthcare system; on the other, it opens new avenues for data protection threats.
One of the biggest IT trends currently underway in the healthcare industry is the transition to electronic health records (EHRs), which perhaps demonstrates the double-edged sword in healthcare better than any other technology.
The idea behind EHRs is to provide doctors and patients with quick and easy access to medical information. Hosting these medical records online removes the necessity of a patient transferring his or her medical files to a new doctor. It can also give doctors a more accurate knowledge of a patient's medical history, as the records stored online are constantly kept up to date.
In the United States, for example, hospitals and doctors are mandated to incorporate EHRs into their practices by 2015. The Health Information Technology for Economic and Clinical Health (HITECH) Act details several incentives, such as maximum payments for Medicaid, for healthcare practitioners who manage to achieve meaningful use of interoperability in their EHR practices. It also threatens financial penalties for organizations that fail to meet the deadline.
There are several benefits to this approach. For example, medical treatment could be vastly improved, because doctors, regardless of whether they've seen the patient before, will have access to his or her entire medical history, including information about previous injuries and diseases, allergies and more.
It may also reduce instances of insurance fraud and frivolous lawsuits. Presumably, patients would have a harder time misleading insurance providers about what sort of treatments they've undergone, as all parties involved would have access to the same information.
At the same time, however, health organizations must be careful that their IT practices are not putting patient information in danger of being exposed. This is a trend that seems to be moving in the wrong direction lately.
According to the Ponemon Institute's recent Benchmark Study on Patient Privacy and Data Security, data breaches affecting the healthcare industry have increased by 32 percent in the last 12 months. In a survey of 72 healthcare organizations, the study found that 96 percent had suffered at least one data breach in the last two years.
Furthermore, the cost of a data breach in the healthcare industry has increased since 2010. According to the study, the average data breach cost a healthcare organization more than $2.2 million in 2011, an increase of $183,000 from a year ago.
Of course, the use of EHRs isn't the only culprit for the influx of data breaches. Mobile devices, such as smartphones and tablets, as well as a lack of knowledge regarding data security practices have also contributed to the growth.
On the latter, the Ponemon Institute highlighted the need to train healthcare personnel who handle sensitive and confidential information in data security best practices and policies. According to the report, 60 percent of survey respondents do not believe medical billing personnel in their organizations understand the importance of safeguarding patient information, while 58 percent indicate IT personnel do not recognize its importance.
Regarding mobile devices, similar to EHRs, healthcare institutions can benefit immensely from distributing tablets and smartphones to doctors and nurses. These devices can afford greater access to medical data, keep practitioners organized and can even be used to explain certain procedures and treatments to patients.
According to Ponemon, 81 percent of surveyed healthcare organizations currently use mobile devices to send and receive patient data. At the same time, however, nearly 50 percent have no data protection measures in place on these devices.
"A lot of these organizations encourage the use of mobile devices, even personally owned mobile devices, but they don't understand the risk," said Larry Ponemon, founder and chairman of the Ponemon Institute, in an interview with eWeek.
"Unfortunately, these devices are not being secured – they're being left in cabs, on airplanes," added Rick Kam, president and co-founder of ID Experts, which sponsored the study.
Clearly, a number of technological advancements are impacting the healthcare industry in positive ways, and organizations should not be hesitant to embrace these trends to improve their overall operations. However, before doing so, hospitals, doctors and other healthcare institutions must consider the data security implications of new technology and prepare themselves to mitigate the effects of data breaches and avoid the penalties for failing to comply with security regulations.
Data Security News from SimplySecurity.com by Trend Micro