Venyu Blog

When it was passed into law it’s probably reasonable to conclude no one in the healthcare industry believed the HITECH Act, which requires healthcare organizations to inform patients when their data is compromised, was a silver bullet fired to contain data breaches. That said, I don’t believe this was exactly the outcome that was expected.

According to this article available at Dark Reading, data breaches have reached more than $6 billion per year, however in spite of these numbers, 70 percent of healthcare organizations say securing patient data is not yet a priority.

The findings, included below, are as surprising as they are alarming:

• 71 percent of healthcare organizations say they don’t have enough resources to properly lock down patient data.

• 69 percent say they don’t have the proper policies and processes in place to detect, much less thwart data breaches.

According to the report 40 percent of healthcare organizations learned of a data breach after a patient complaint and 63 percent of healthcare organizations took one to six months to resolve a breach. The most vulnerable data to loss or theft are patient billing (35 percent) and medical records (26 percent).

Moreover, the Ponemon Institute found that the impact of a data breach is about $1 million per hospital, per year and the lifetime value of a lost patient is $108,000.

Larry Ponemon, CEO of the renowned Ponemon Institute which tracks and audits breaches of all kinds in a wide array of industries is quoted in the article discussing how compromising the integrity of the provider-patient relationship is detrimental to the long-term health of the industry.

“Long-term, the provider-patient relationship in healthcare is based on a bond of trust. Unfortunately, many of the breaches affecting healthcare organizations suggest that the industry has taken patient trust for granted and allowed lax security practices to compromise the integrity of protected health information.”

Besides implementing an EHR system to store and secure patient records, a recent article found in Medscape Today – Why Your Patients’ Data May Not Be Safe: 5 Steps to Protect It, suggests that deploying encryption techniques to all outgoing files as well as data-at-rest largely keeps patient data from falling into the wrong hands.

This includes everything from laptops and PDAs to flash drives, DVDs and smartphones. The Medscape article also recommends encrypting emails containing confidential information in the belief/best practice that encrypting such information before it leaves your practice not only protects patient data, it also protects you.

A full copy of the Ponemon Report is available for download here. Read about Venyu’s total security and encryption solution here.