Venyu Blog

An unintended consequence of the HITECH Act, which is designed to incent healthcare organizations to migrate paper-based patient documentation to digital or electronic records-keeping (or EMR) in advance of future mandates, is that fraud, based on exposure to health data rose from 3 percent to 7 percent between 2008 and 2009. While the adoption rate of EMRs by U.S. Medical Offices as well as hospital-owned and health-system-owned sites climbed, in select cases, over the 50 percent mark, it is the jump in the number of fraud instances that continues to send shockwaves through the strata of the health industry’s cultural bedrock.

And make no mistake say the experts. First and foremost this is really about changing culture.

Deke George, CEO of NetSPI, a security consultancy with a strong healthcare client base suggests that healthcare professionals often try and balance the idea that a life is worth more than the possibility that someone will be able to access information. “An evolved sense of risk management and compliance and security really doesn’t exist in that space. So organizations really just haven’t dealt with how to implement security for any level, whether at the database or elsewhere,” said George.

Even more troubling is the conclusion James Van Dyke, president of Javelin Research and Strategy has drawn about research into the industry’s ability to police itself and protect patient data. “We think medical providers aren’t up to the task. They won’t have security best practices in place to match the incidents of fraud, and we think theft of personal information is going to get worse,” said Van Dyke.

A third point of view, espoused by a product manager for a database and application vendor, suggests there’s nothing about database security that’s peculiar to healthcare. “In the end we’re all securing data in databases and Oracle, SQL Server, and Sybase. They work the same whether you have your secret recipe in them or you have your healthcare information in them or you have credit card data in them.”  As a result, said the vendor, healthcare providers need only look for best-practice and thought leadership material for pointers on how to get a database protection program in order.

Whatever side you come down on, with more than $19.2 billion in HITECH-funded financial incentives at stake in medical organizations that successfully transition to EMR, it’s a sure bet that for the healthcare industry at large there’s simply no better time to adopt data protection best practices; if not to guarantee their slice of the federal largess, then at least to ensure patient data is universally and unequivocally protected.  Read the full article here.