Health Care Organizations Ill-Prepared to Protect Patient Data, Privacy

Twitter icon
Facebook icon
LinkedIn icon
e-mail icon
Google icon

A majority of health care organizations remain underprepared to safeguard patient privacy and secure patient data in the wake of new uses for digital health information and expanded access to confidential patient information, reveals a report released by Price Waterhouse Cooper's Health Research Institute in New York City, New York. Privacy and security measures, the report states, have not kept pace with such new health care “realities” as electronic health records (EHRs), social media and mobile technology, and increased data collaboration among health care facilities and external partners.

Incorporating feedback from a nationwide survey of 600 executives from U.S. hospitals and physician organizations, health insurers, and pharmaceutical and life sciences companies, the report indicates that theft accounted for two-thirds of the total number of reported health data breaches over the past two years. The top privacy/security issue experienced by health care organizations over the past two years was Improper use of personal health information by a "knowledgeable insider", and while more than one-third of hospitals and physician groups claimed to have experienced medical identity theft attempts by individuals seeking treatment.

In other survey findings, more than half (55%) of health care organizations polled have yet to tackle privacy and security issues associated with the use of mobile devices. Fewer than 24% have addressed these issues with respect to social media.

Additionally, according to the research, fewer than half of participating health care organizations have implemented policies covering the use of social networking at work for purposes other than performing one’s job, but more than half allow employees to access social networking sites during business hours.

Moreover, a mere 58% of providers and 41% of health insurers said they include the appropriate use of EHRs as part of employee privacy training. Just 17% of providers and 19% of payors have implemented a process for managing patients' consent with respect to how their information can be used.

James Koenig, director of PriceWaterhouse Coopers’ health information privacy and security practice, says electronic data breaches occur three times more frequently and affect 25 times more people compared to paper-based health information breaches. He believes the majority of these breaches are attributable to human error and to deliberate actions by knowledgeable insiders, rather than to IT hackers.

To download the report, click here: http://www.pwc.com/us/en/health-industries/publications/old-data-learns-...