Intimate medical details about your health are no longer stored safely in a dusty locked file cabinet. Thanks to the HITECH Act of 2009, your private health information will end up in data files that hundreds of healthcare workers may have the ability to access. However, in early 2003 the Department of Health and Human Services (DHHS) issued the HIPAA Privacy Rule, which sets a national standard for healthcare privacy in the electronic age.
The HIPAA Privacy Rule has strengthened patients’ rights substantially, but it also keeps the monetary burden of accountability restricted to government discretion by denying patients a “private right of action.” In other words, patients have no authority to file a lawsuit against providers or payers for violations of the Privacy Rule. A patient only has the right to file a complaint. This containment of accountability paved the way for today’s numerous healthcare privacy breaches.
Since punishment for privacy breaches is limited, security has fallen off the radar in many organizations. A Ponemon study confirms that security breaches increased by 35% (year-on-year) in 2011. Despite the estimated $4-8 billion price tag associated with healthcare data breaches, many healthcare organizations are doing little to protect PHI. Instead of investing in protecting PHI, Ponemon points out that many “healthcare organizations – especially not-for-profit hospitals and small clinics – have thin margins … and are lacking sufficient security and privacy budgets needed to adequately protect patients.”
It appears that the healthcare industry and federal regulation have reached an impasse. The federal government needs to determine whether it’s time to better define and strengthen penalties for organizations that fail to protect PHI, or whether patients should have the right to legally pursue organizations that fail to protect their information. Either way, thanks to the many changes the industry is experiencing, confidentiality is creeping into the picture. Organizations must resolve to give confidentiality the attention it deserves.