The Ponemon Institute is releasing the results of its survey of 67 American healthcare organizations and their data breach incidents over the last two years. It turns out that the customer losses and legal fees for the privacy violations rack up an average of $1 million per hospital.
As we head toward critical mass of computerized patient records in this country, the study is a reminder of how important stemming those violations is, both for patient trust and retention and for the bottom line.
Strangely, the interviewees said the privacy standards, which are tied to the incentive funds under the HITECH Act and include notifying patients when there's a potential data breach, weren't effective. I'm not quite sure where the ineffectiveness lies. If this is a requirement tied to the incentives, whose responsibility is it to implement stronger privacy and security processes within the health system? That's a head scratcher for me.
The study noted that the interviewees believe that implementing EHR systems has helped strengthen patient data security because having an IT system ideally demands control and centralization. Makes sense.
We've been so immersed in and focused on this computerization process for a number of years now that we often forget the vulnerabilities of paper records. Not that EHRs can't be decentralized, but paper records are more vulnerable to decentralization than EHRs.
The bottom line is that the industry is heading into the computerized record world, whether we like it or not. The study shows that somehow all stakeholders need to take ownership of the privacy standards under the HITECH Act and make them effective. It also showed that EHRs can provide more security and therefore instill trust in the public - so long as we put the processes in place.
Photo by aresauburn via Creative Commons license.