Despite the HIPAA privacy law, despite increase awareness, and even despite all of the negative publicity generated from the Heartland situation, the health care industry continues to be victimized by cyber crime.
On its Health Information Privacy Web site, the Department of Health and Human Services (HHS) reports (as required by the HITECH Act) security breaches of health information, each which affected more than 500 people. The list dates to Sept. 22, 2009 and includes more than 30 companies.
HHS appears to be taking steps to lessen these breaches. According to an InformationWeek blog by Marianne McGee, the department is filling important positions dealing with privacy and security in health care. McGee wrote:
For starters, HHS' Office of National Coordinator for Health IT (ONC) appointed its first chief privacy officer, a role mandated by ARRA. Named to fill the new job was Joy Pritts, a lawyer and associate research professor at Georgetown University, who will advise HHS and ONC on electronic health data privacy and security issues related to HITECH programs.
In another cybersecurity related move last week, HHS posted a "pre-solicitation" for a contractor to study the security and privacy risks to health IT.
It may have been too long in coming, but it's good to see HHS and the federal government taking more steps to protect health data, especially as more data is stored electronically in order to be accessed by multiple health care enterprises.