To protect against a major security breach, health care organizations are starting to invest in cyber liability insurance.
That's one of several new trends in the health care sector, which is going through several simultaneous IT transitions in 2012, according to a new report issued by ID Experts, a provider of data breach security and compliance management tools.
According to ID Experts President Rick Kam, the move to acquire cyber liability insurance is a tacit acknowledgement that health care organizations are losing the battle to secure personally identifiable information. Part of the issue, says Kam, is that with everything else that is going on in health care, such as the move to electronic health care records (EHR), security simply isn't a high enough priority.
Kam says government EHR mandates are a high priority for health care organizations because they directly affect revenue. Security, on the other hand, is seen more as a cost of doing business.
And yet in 2012, Kam says that health care organizations that ignore security issues are going to find that the fines and penalties associated with data security breaches are going to be a lot stiffer. This is because the government is starting to realize that security breaches are closely tied to Medicare fraud, which is one reason a panel recently recommended that health care IT should become more regulated. Cyber criminals are now targeting health care records because they generally contain a treasure trove of information about people that can be used to create any number of fake identities, says Kam.
Those stiffer penalties, adds Kam, are also going to be applied more aggressively to "business associates" of the health care organization who violate the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
What all this means is that security issues within health care organizations are rapidly becoming not just an IT issue, but also a business issue. And once the boards of these organizations realize that, it's only a matter of time before IT security within health care organizations becomes a top-of-mind issue in 2012.