Data Breaches, Incentive Dollars Keep E-Health Records Front of Mind

Lora Bentley

Many times, data breaches result from a security flaw in a network that allows a hacker easy access to company or customer information. Or they result from careless employee activity - like leaving a laptop full of unencrypted data in a cab, or downloading information to a thumb drive and then using that data on a home network that's not secured.


But a hospital in New York experienced a data breach of a different kind. The New York Times reported Tuesday Lincoln Medical and Mental Health Center recently notified upward of 130,000 patients that their information may have been compromised after a billing contractor handed seven CDs full of unencrypted data to FedEx for shipping, and then the CDs were lost in transit.


The fact that data is at risk is one thing. That the data at risk is health care information makes it entirely another. The HITECH Act, passed as part of the American Recovery and Reinvestment Act, established the nation's first federal data breach notification rule, which applies specifically to health information. Among other things, it requires health care organizations and business associates to report data breaches that affect more than 500 people to the Secretary of Health and Human Services along with informing the affected individuals.


Health information security is also of particular interest lately given the federal incentive money available to those health care providers that can implement and prove "meaningful use" of electronic medical records systems. But before organizations can determine how to best safeguard the information in their electronic records systems, they need to figure out what "meaningful use" actually entails. And they're having a hard time doing that.


According to a recent PricewaterhouseCoopers survey, 8 of 10 hospital CIOs aren't sure they'll be able to meet the "meaningful use" requirements to qualify for the incentive. InfoWorld reports 94 percent of respondents to the survey indicated that they are concerned about meeting meaningful use reporting requirements, and 92 percent are confused by the lack of clarity in the requirements.


Apparently the largest problem arises from the fact that health care providers have a limited amount of time to qualify for and collect the incentives - only four years. They need to start working now to meet that goal, according to InfoWorld, but many are hesitant to start because they are unclear on what exactly is required. The survey also revealed that only half of the 120 hospital CIOs who participated said they would be prepared to meet the first set of meaningful use requirements by next year.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.