Government enforcers are taking a stronger stance on healthcare providers, organizations and insurance companies that leak medical information. Often cited as the key to reducing healthcare costs, improving patient care, and eliminating provider communication drops, electronic health records also can be vulnerable to breaches in security, such as Health Insurance Portability and Accountability Act (HIPAA) violations.
The U.S. Department of Health & Human Services (HHS) publicly lists the top offenders who breach medical information of 500 or more individuals, otherwise known as the "Wall of Shame" by healthcare experts, according to the New York Times. On the breach notification list is Health Net, Inc., in California; New York City Health & Hospitals Corporation's North Bronx Healthcare Network; AvMed, Inc., in Florida; Blue Cross Blue Shield Tennessee; and South Shore Hospital in Massachusetts.
The Inspector General of HHS this month identified seven hospitals in New York, California, Illinois, Texas, Massachusetts, Georgia and Missouri that are vulnerable to data breaches. On Friday, the HHS Office of Civil Rights proposed a rule to the HITECH Act in which providers, plans and businesses would be required to provide disclosures about patient information in electronic health records regarding treatment and payment.
"People need to be assured that their health records are secure and private," HHS Secretary Kathleen Sebelius told the Times. "I feel equally strongly that conversion to electronic health records may be one of the most transformative issues in the delivery of health care, lowering medical errors, reducing costs and helping to improve the quality of outcomes."
Approximately 7.8 million patients in the past two years have had their medical records improperly exposed, notes the Times.