A new benchmark study on Patient Privacy and Data Security put out by the Ponemon Institute seems to indicate that roughly $12B dollars have been lost due to data breaches in US hospitals over the last two years alone. This is almost $1M per organization per year during the course of the study. Passed as part of the 2009 economic recovery act, the HITECH act (Health Information Technology for Economic and Clinical Health Act) was supposed to beef-up and add some real bite to HIPAA (Health Insurance Portability and Accountability Act -1996). The primary purpose of HIPAA was to assure that personal information security and privacy concerns are addressed while allowing healthcare professionals access to the flows of information necessary to insure informed quality care of the individual. Despite these efforts to establish and strengthen the federal legal statutes and enforcement, this study finds that there are still gaping holes in our information security systems in the healthcare industry.
This field benchmarking study concerns me greatly as it is looking behind the curtain at the particular industry I am working to enter. Despite much industry and state/federal regulator press releases, health information security just doesn't seem to be that big an issue for most hospitals and healthcare facilities. Few actual prosecutions for federal HIPAA violations have occurred, much less from the violations of State information security regulations (with acknowledgement that some states are seemingly stepping up notably California) and those prosecutions which have occurred are predominantly aimed at the health insurance industry rather than at hospitals. The study indicated that even many of the larger hospitals only have one or two employees who are dedicated to handling information security issues, and many these are general IT people who have had little, or no, real training in Health Information, HIPAA or the unique security issues associated with medical records and information. I feel the societal need for the skills and training I’ve acquired, unfortunately, until society recognizes that need; I’m left wondering what direction my career is taking!
This field benchmarking study concerns me greatly as it is looking behind the curtain at the particular industry I am working to enter. Despite much industry and state/federal regulator press releases, health information security just doesn't seem to be that big an issue for most hospitals and healthcare facilities. Few actual prosecutions for federal HIPAA violations have occurred, much less from the violations of State information security regulations (with acknowledgement that some states are seemingly stepping up notably California) and those prosecutions which have occurred are predominantly aimed at the health insurance industry rather than at hospitals. The study indicated that even many of the larger hospitals only have one or two employees who are dedicated to handling information security issues, and many these are general IT people who have had little, or no, real training in Health Information, HIPAA or the unique security issues associated with medical records and information. I feel the societal need for the skills and training I’ve acquired, unfortunately, until society recognizes that need; I’m left wondering what direction my career is taking!
No comments:
Post a Comment