There may be new cause for electronic health records compliance to speed up and not just because federal regulations require healthcare providers meet EMRAM guidelines by 2015. A recent data breach in California is highlighting the ongoing problem of outdated data storage and transfer methods in the fight to maintain data security.
The Los Angeles Times reported that a transfer of private information regarding California's In-Home Supportive Services (IHSS) program resulted in the leak of potentially 700,000 employees and care recipients' personal data, including names, wages, social security numbers and other information being lost or stolen. The incident occurred when IHSS' data storage partner Hewlett Packard sent a packet of information to the Department of Social Services' Riverside, CA office.
Half the individuals potentially facing fallout from this event are recipients of service, meaning they are physically disabled, elderly or blind. Deborah Doctor of Disability Rights California said in an interview with the Los Angeles Times that most recipients will not be able to protect themselves due to these limitations, plus English isn't necessarily their first language, adding to the complications.
The data was sent in the form of microfiche slides and arrived damaged and incomplete, leading the state to contact local law enforcement and initiate an internal investigation to try and locate the missing documentation. At present, DSS and IHSS are not certain if the information has been stolen or is merely lost. This incident is bad but not quite as awful as when California's Department of Child Support Services lost data on around 800,000 children and adults involved with the DCSS when a number of backup tape drives disappeared from a FedEx truck.
"It's hard for us to believe that in one of the largest states in the union, we're using such an antiquated system," said Steve Mehlman who represents one of the unions for the affected IHSS workers. "It clearly needs to be modified."
The Electronic Medical Record Adoption Model put forth by HIMSS Analytics has been supported by Medicare and other federal agencies who are helping to oversee the move of hospital and healthcare providers to electronic health records. Not only would this improve information security on all levels but would also increase communication between physicians and patients. According to HIMSS, only about 30 percent of all medical facilities have gotten even half way through the process meaning they aren't necessarily moving any form of electronic documents. Most providers say the process is too expensive, and with California still poised to cut funding to public medical services, it may be even harder to ensure data security as time goes by.
California governor Jerry Brown is still seemingly going ahead with budget cuts for DSS programs even though the department has had two major data breaches within the last three months. The governor said in a statement about the cuts, "When you have unsustainable policies, you have unsustainable budgets." Unfortunately, it seems the California DSS data infrastructure is already not sustaining its data security, and as long as data leaks continue, more citizens will suffer.
In both the DCSS and IHSS data loss incidents where poor data protection was at fault, the agencies took measures to notify those who could potentially have been affected, but the information may never be recovered. To stop these kinds of breaches from happening, California will need to review its content security and third party services to make sure they are taking their citizens' best interests into account, even if budgeting is in contention.