HEALTHCARE PRIVACY regulations are getting more stringent, and the industry isn't ready. That's the thumbnail version of a new report by the Deloitte Center for Health Solutions.
"It's a major shift in the scope of where the law applies," says Mark Ford, a Deloitte & Touche principal.
THEFT MORE COMMON THAN LOSS
Given the nature of the personal information healthcare organizations collect, it's no surprise regulators are working to tighten security. Because that information includes Social Security numbers, insurance identification numbers, payment information and medical provider identification numbers, data fraud and identity theft represent huge risks. Indeed, breaches involving theft are four times as frequent as breaches involving loss or unauthorized access, the second and third most frequent types of breaches, according to the Deloitte report.
While organizations need to thoroughly assess security risks and put comprehensive policies and procedures in place, Ford says implementing, communicating and enforcing a handful of simple security measures can make a big dent in the problem. He notes that laptops are by far the most common location for security breaches because these devices are easily lost or stolen. Using an encryption program and implementing strong security mechanisms can "help protect people from themselves," Ford says.
A more thorough fix requires stakeholders to assess their current preparedness. Many healthcare organizations are inadequately prepared for privacy and security risks because they lack resources, internal control over patient information or upper management support, according to the report. Others rely on outdated policies and procedures, fail to adhere to current policies or inadequately train their employees.
To stay on the right side of HITECH, Deloitte recommends stakeholders identify and assess their data security risks; develop and implement a security and privacy plan; and communicate organizational expectations and conduct employee training. Finally, organizations must verify that they are conforming to their own policy standards.
"Some of these things are fairly tactical in nature," says Deborah Golden, also a principal. "How do you address a security breach? It may be as simple as gaining a better understanding of your vulnerabilities. The key is sustaining that understanding so you're not constantly in a reactive mode so that you're thinking more strategically and have people and a process in place."
-Shelly Reese