As more patient information is funneled into online exchanges, more issues will arise, according to top healthcare IT experts, who were asked to offer insights on the most significant privacy trends for 2011. Novice or overworked employees launching said exchanges will be a big factor in just how many breaches occur, they believe, according to data breach prevention specialists ID Experts.
Other predictions made for this year include an increase in fines and regulatory actions due to the increased breaches and cost increases due to a rise in penalties. Experts also anticipate a major data spill that will garner nationwide attention.
"Endemic failure to keep pace with best practices and advancing technology has resulted in antiquated data security, governance, policy plaguing in the healthcare industry," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, whose November 2010 study on patient privacy provides the backbone for several of the predictions. "Information security in the healthcare industry is at the fulcrum of economic, technological and regulatory influence and, to date, it has not demonstrated an ability to adapt to meet the resulting challenges--but it must."
In an interview with IT Business Edge blogger Sue Marquette Poremba, Jack Hembrough, CEO of online communications company VaporStream, said he thinks a "uniform system for secure messages" is necessary to improve security, for personal mobile devices like tablets and smartphones.
"As more health systems make the transition to electronic health records [EHRs], the need to have security measures around the sharing of potential records and who can access them is crucial," Hembrough said. "Access to the EHRs and personally identifiable information [PII] from personal mobile devices should be restricted to specific employees who have been given individual sign-in credentials."
Sandeep Tiwari, CEO of provider information security company Zafesoft and one of the other panelists interviewed by ID Experts, agrees, and thinks such issues are destined to grow more complex.
"In the case of [personal health information/PII] the laws were ahead of the technology," he said. "To date, there have been no secure audit trails, which impacts the effectiveness of the laws. If we can't track how and when private and personal information is accessed, we will never secure it."
To learn more:
- here's the ID Experts press release
- read this IT Business Edge blog post