Data Privacy Top the List of Healthcare General Counsel’s Concerns
Healthcare and other confidential data must be handled with great care in any process where there is such transaction of data – as for instance during medical record review.
www.mosmedicalrecordreview.com MOS Medical Record Reviews 8596 E. 101st Street, Suite H Tulsa, OK 74133
(800) 670 2809
Healthcare and other sensitive confidential data has to be handled with great care in any process where there is such transaction of data – as for instance during medical record review or medical record retrieval. Data security is a major concern for lawyers working in the highly regulated healthcare industry, as a recent survey by Consero Group reveals. As part of Consero’s healthcare general counsel forum held late last year, the survey questioned 54 GCs (General Counsel) of mid to large healthcare systems in the US. In this survey, 75% of the respondents mentioned data security as the issue about which they are most worried. According to an IBM report on the major security threats to businesses worldwide in 2015, healthcare is projected as the most vulnerable industry, replacing financial services. More than 100 million healthcare records were compromised in 2015; and five of the largest healthcare security breaches since the beginning of 2010 occurred during the first six months of 2015. Cyber Threats to Grow in 2017 It is expected that cyber attacks will grow further in 2017 with hackers holding patient records for ransom. Protected Health Information (PHI) is one of the most valuable types of data hackers can steal. The situation is growing out of control with the exponential growth in information technology, and what bothers many healthcare GCsare the following.
While a company can have control over EHR systems, it has little control over how clients use things like patient portal systems.
Increasing use of cell phones by patients and their families within the hospital to take pictures, posting and texting could prove risky.
Personal texting by medical staff members and employees may pose a security challenge.
Independent providers who have staff privileges but are not regular employees and who use their own electronic devices could pose risk.
Data Breaches Can Prove Costly Data breaches can prove very costly. The federal government’s largest settlement with a healthcare group occurred in August 2016 with the Advocate Health Care System that agreed to settle potential HIPAA penalties for $5.55 million for three data breaches that occurred in 2013. One of these breaches involved computers stolen from a large physicians’
www.mosmedicalrecordreview.com
(800) 670 2809
group office, another was in connection with a computer stolen from a medical staffer’s car and the third involved records hacked from another company that handled hospital billing. Organizations experiencing a data breach will have to face many legal issues. Though plaintiffs find it challenging to demonstrate cognizable injury arising from data breaches, they may succeed in getting past the challenges. Therefore companies may have to rethink their data breach litigation strategies. The Internet of Things also presents a number of new litigation risks – those presented by extensive data collection, resulting from personal data being revealed through hacking or other data breaches. This may lead to an increased number of claims by consumers alleging that they were neither warned of the possibility of data being collected nor informed of its possible/intended uses. It is very likely that more organizations are likely to face increasing litigation for unfair/deceptive practices originating from their failure to properly secure consumer information, or disclose its collection and use. Healthcare providers will need appropriate safeguards including effective password protection and firewalls. They will also have to be aware of the regulations pertaining to security and remediation.
www.mosmedicalrecordreview.com
(800) 670 2809