While healthcare organizations face issues of their own in adopting information technology, a larger struggle remains with the patients they serve.
A majority of them remain skeptical of electronic healthcare records. For them, health information privacy is a major issue.
That’s the finding of a recent Black Book survey. Of the more than 12,000 patients surveyed in late 2016, an overwhelming number voiced trust issues with health information privacy. Consider the following findings.
- 87% said they would not fully disclose healthcare information in detail for electronic records
- 90% said they have concerns information from their pharmacy records would be shared, while 99% had the same concern about mental health care records
- Another 81% said they feared information about chronic conditions would not be safe
- While only 5% said they have issues with the actual technology used, 84% said their trust (or lack thereof) rested on how healthcare operations used their records
That’s just a sampling of the findings. All of it indicates that patients still have not accepted the use of electronic health records. If anything, the level of trust in health information privacy seems to have lessened in recent years.
Policy, Focus Issues
At least part of the issue with maintaining the integrity of healthcare records resides in government policy.
The Health Insurance Portability and Accountability Act (HIPAA) sets requirements for healthcare organizations to meet in order to assure the privacy of medical records. It also sets standards for how that information can be collected and shared.
However, a focus on meeting those government regulations may have kept healthcare organizations from focusing on the larger picture of cybersecurity, some in the industry believe. Denise Anderson, president of the National Health Information Sharing and Analysis Center, told Govtech Works that HIPAA has “focused healthcare organizations too much on data privacy and not enough on data integrity, data loss, disrupted operations and patient safety.”
In light of recent attacks such as Wannacry, which was focused on disrupting a facility’s operation rather than data theft, there is a growing sentiment that healthcare organizations should join together in their cybersecurity efforts. It is difficult for one operation to adequately handle all threats, and when working more closely, each can learn valuable lessons from the experience of another.
Wannacry and other cyber-attacks merely highlight the need for better data security as well as the trained professionals needed to manage that security.
In 2015, hackers gained access to Anthem Inc.’s database. The second largest health insurer had personal information for 80 million people in its files, including names, social security numbers, street addresses, employment information and medical identification numbers.
The Anthem Inc. case is just one example. A study by Poneman Institute found that almost 90% of healthcare organizations surveyed experienced a data breach in the last two years. About 45% of those surveyed experienced five breaches over the same time period.
The study estimated that data breaches result in more than just a loss of information and patient trust. They’ve also cost the healthcare industry about $6.2 billion.
Steps To Address Security Issues
The first step in dealing with data security – and, by extension, patient trust in healthcare records – is to make cybersecurity a primary focus for the organization.
In terms of practical steps, this means board of directors and executive involvement in the issue. It could also mean investment in cybersecurity software and personnel. Without it becoming a priority at the top levels of an organization, progress will remain slow.
Part of making cybersecurity a priority involves the hiring of a Chief Information Security Officer. That person should have a position within the organization in which they report directly to executives. The sole focus of the job is to develop and implement strategies to ensure data security.
Another practical step is setting aside a budget earmarked specifically for cybersecurity technology and personnel. Part of this involves setting up standards for assessing potential outside vendors hired by healthcare organizations who have access to medical records data.
Data security is a complex issue, but it’s one faced on a daily basis by every industry. In its ongoing efforts to adopt innovative technology, the entire healthcare sector must remain vigilant in protecting private information. It’s the only way to win the patient trust that is key to a successful medical operation.