A major focus of provider organizations heading into the New Year is the delivery of value-based care and the incorporation of telehealth medicine into their practices. But without a solid security infrastructure, these programs will crash and burn before they’ve even left the gate. As more and more organizations add digital tools to assist their medical departments, the laws of HIPAA are increasingly being looked at as outdated and archaic. Can the governing bodies still maintain control over a rapidly evolving marketplace that has granted customers 24/7 access to their records?
Fueling the call for change
On October 18, 2018, Elizabethtown Community Hospital in Vermont discovered a hacker had gained access to an employee’s email account, exposing the data of 32,000 patients. After weathering the storm, the company strengthened the security of its email system and added additional training for its employees. Despite this and many other recent examples, incidents of hacking are being overshadowed by internal attacks. Healthcare providers, their employees, and health insurance companies have been caught engaging in data theft, snooping on medical records, and committing various other HIPAA violations. Researchers at two major universities analyzed data breaches reported to the Department of Health and Human Services over the past 7 years and found that more than half of them were the result of internal carelessness. Nearly half of the breaches involved mobile devices, and that number will surely increase as more and more companies adopt applications that are meant for use on smartphones. From July to September of this year alone, over four million healthcare records were exposed or stolen. Healthcare organizations that have moved data to cloud service providers have left healthcare data exposed because of a lack of proper training and cybersecurity best practices. Many are left totally unprotected, and it’s estimated that 30% of healthcare databases are exposed online.
Help is on the way!
Currently, the Department of Health and Human Services is seeking suggestions from the public and healthcare providers about obstacles that are impeding progress, displaying wisdom by going directly to the source. Now that the majority of healthcare organizations have transitioned to digital health records, many industry stakeholders are calling for more updates to the 22-year-old HIPAA laws that were enacted during a time of primarily paper-based records. Recently, these concerns have been brought before Congress to improve patients’ access to their health data and to make it easier for that information to be shared with other healthcare providers and research organizations. One example of positive change is that, starting January 21, 2019, a revised rule that will enable more secondary research of EHR data will be adopted. This will aid researchers in observational studies to find patterns in patient records that will help to improve certain medical procedures, but the benefits won’t stop there. In the past, collaboration amongst separate research groups had been severely limited, for example when looking at clinical trials for new cancer treatments. Because of stringent laws, these groups operated independently and didn’t share results as often. But now, encouraging signs are on the horizon for this old model to change. As the healthcare landscape adjusts to technological advances brought on by the integration into digital settings, it may still be a while before HIPAA laws catch up. But the governing bodies that oversee these privacy rules are exhibiting more transparency and willingness to change than in years past. The road to value-based care is becoming less hazardous to all parties involved, and one must view this progress as a positive sign. Raintree Systems keeps its finger on the pulse and implements good HIPAA practices within its systems and processes. Contact us today for more information!