Health Care IT Still Needs Critical Care
Despite focusing on compliance and security issues, progress to date has been somewhat limited.
While obviously there are a lot of good intentions associated with many of the new health care regulations that have gone into effect in recent years, there seems to be a significant issue developing regarding the ability of health care organizations to effectively implement them.
A survey of 107 IT administrators, managers and C-level executives in health care organizations conducted by GlobalSign, a provider of SSL certificates, finds that breaches that cost more than $100,000 per incident happen on a regular basis.
The root of the problem appears to stem from the fact that while many of these regulations are in place, the health care organizations are still dealing with many paper-based processes because most of them are nowhere near implementing electronic health care records (EHR).
Most of the regulations basically assume that some form of EHR is going to be in place to help mitigate the cost of complying with regulations. But given the fact that the changes to processes that will be enabled by EHR will take years to implement, it could be quite a while before that intent catches up with reality.
In addition, most health care organizations are not all that IT security-savvy, says Lila Kee, chief product officer for GlobalSign. Even when IT systems are in place, Kee notes that it's not likely that they are going to be protected by advanced security technologies. For example, while encryption could solve a lot of these issues, the underlying technologies involved are still difficult to master and manage from the perspective of the average health care organization.
The end result is that breaches and fines may soon be simply treated as yet another cost of business that ultimately needs to be passed on to the consumer. In effect, that only serves to raise the cost of health care at a time of intense national debate. That may not have been the original intention of regulations such as the Health Insurance Portability and Accountability Act (HIPAA), but we all know what the road to hell is usually paved with.