Healthcare IT Make Security, EMRs a Priority

Healthcare providers are struggling to serve two masters, according to the latest survey by security software maker Imprivata, and unfortunately they’re falling short on both ends.

According to the report (available in PDF format) 76 percent of IT administrators at 600 North American hospitals queried said data breaches or unauthorized access to clinical applications were their biggest concerns.

At the same time, 76 percent reported they were focused on investing in electronic medical records (EMRs), a priority laid forth by the Obama administration and one that pays the most immediate dividends as far as reducing overall healthcare costs and improving patient care and caregiver efficiency.

These dueling agendas — migrating millions of patient records and thousands of outdated computer systems to EMRs and locking down the very networks used by physicians, nurses, insurance companies and patients themselves — has been complicated by new federal regulations requiring increased security and accountability for managing this voluminous personal information.

The Impivata study discovered that 38 percent of hospitals surveyed are still not in compliance with the HITECH Act, a piece of legislation that was included as part of the federal stimulus bill that gives regulatory agencies the teeth to enforce security and privacy components of previously passed HIPAA regulations and standards.

“More than one year after its passage, hospitals continue to be deeply concerned about their ability to meet deadlines imposed on them by the HITECH Act,” Imprivata Chief Marketing Officer Barry Chaiken, said in the report. “Organizations fear security breaches and unauthorized access to patient records, while trying to manage clinical transformation through the deployment of EMR systems to achieve improved care delivery and cost savings.”

Despite respondents repeated claims that they’re terrified by the prospect of making headlines for failing to protect against data breaches, hospitals and medical centers continue are routinely warning patients that their most personal information has been exposed on their watch.

Paying a high price for failing to comply

Whether it’s an innocent mistake such as a physician accidentally posting clinical information to an unsecured page on the hospital website or the outright theft or loss of a laptop, server or portable storage device, hundreds of thousands of patients’ information has already been compromised this year.

That’s precisely why the Department of Health and Human Services (HHS) pushed so hard for harsh penalties and explicit terminology in the HITECH Act passed in February.

Prior to the HITECH Act, HHS could not impose a penalty of more than $100 for each security or privacy violation or $25,000 for all identical violations of the same provision. A covered health care provider, health plan or clearinghouse could also bar the department’s imposition of a civil money penalty by demonstrating that it did not know that it violated the HIPAA rules.

Section 13410(d) of the HITECH Act strengthened the civil money penalty formula by establishing tiered ranges of increasing minimum penalty amounts, with a maximum penalty of $1.5 million for all violations of an identical provision. A covered entity can no longer bar the imposition of a civil money penalty for an unknown violation unless it corrects the violation within 30 days of discovery.

“The department’s implementation of these HITECH Act enforcement provisions will strengthen the HIPAA protections and rights related to an individual’s health information,” Georgina Verdugo, the director of HHS Office for Civil Rights (OCR), said at the time the legislation was approved. “Such heightened vigilance will give consumers greater confidence in the privacy and security of their health information and in the industry’s use of health information technology.”

Other states, most notably California, have enacted their own legislation and penalties to hold healthcare providers to a high standard of IT security and oversight.

In June, five California hospitals were tagged with a total of $675,000 in fines for failing to secure patient data.

From a consumer and patient perspective, the fact that state and federal regulators are ratcheting up the pressure on the industry to safeguard data is reassuring and will likely lead to immediate improvements considering the money at stake.

A recent study by Compass Intelligence predicts that healthcare IT spending will surge to more than $73 billion in 2010 and will grow on at a compounded annual growth rate of 4.5 percent for the next five years to more than $85 billion in 2014.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020