Experts Forecast Top Seven Trends in Healthcare Information Privacy for 2011

A panel of healthcare experts representing privacy, trends, technology, regulatory, data breach, and governance were asked to weigh in with their forecasts for 2011. These experts suggest that as health information exchanges take form, millions of patient records—soon to be available as digital files—will lead to potential unauthorized access, violation of new data breach laws and, more importantly, exposure to the threat of medical and financial identity theft.

These predictions are supported by the recent Ponemon Institute’s Benchmark Study on Patient Privacy and Data Security, published November 2010, which found that data breaches of patient information cost the healthcare industry $6 billion annually; protecting patient data is a low priority for hospitals; and the healthcare industry lags behind the recently enacted HITECH laws…

Industry-Wide Experts Share Their Opinions and Insight…

Dr. Deborah Peel, M.D., practicing physician and founder of Patient Privacy Rights; the nation’s health privacy watchdog

“2011 will be the year that Americans recognize they can’t control personal health information in health IT systems and data exchanges. Will 2011 be the year that data security and privacy are the top of the nation’s agenda? I hope so. The right to privacy is the essential right of individuals in vibrant Democracies. If we don’t do it right in healthcare, we won’t have any privacy in the Digital Age.”…

Experts name top 7 trends in health information privacy for 2011

A panel of healthcare experts representing privacy, trends, technology, regulatory, data breach and governance have identified the top seven trends in healthcare information privacy for 2011.

The experts suggest that as health information exchanges take form, millions of patient records – soon to be available as digital files – will lead to potential unauthorized access, violation of new data breach laws and exposure to the threat of medical and financial identity theft.

“Endemic failure to keep pace with best practices and advancing technology has resulted in antiquated data security, governance, policy plaguing in the healthcare industry,” said Larry Ponemon, chairman and founder, Ponemon Institute.

“Millions of patients are at risk for medical and financial identity fraud due to inadequate information security,” he said. “Information security in the healthcare industry is at the fulcrum of economic, technological, and regulatory influence and, to date, it has not demonstrated an ability to adapt to meet the resulting challenges – but it must. The reputation and well-being of those organizations upon which we rely to practice the healing arts depends on it,” he said…

Re: Release of Ponemon “Benchmark Study on Patient Privacy and Data Security” on Nov 9th

Today’s new Ponemon study catalogs the health care industry’s massive indifference to keeping patients’ health data secure.

View the Ponemon Study Press Release

This is not a new problem. The lack of ironclad data protection and security has been a set up for catastrophe from the beginning.  If banks handled the security of financial records as badly as hospitals handle health records, they would have been shut down.

Why is abysmal security for health data tolerated, when it is far more sensitive than financial records and also contains financial and demographic information?

The study details the lack of comprehensive technical protections, the lack of adequate staff, the lack of adequate funding , and the lack of encryption. It even found that 53% of health care organizations are “not confident” they know where patient data is actually located.

It’s painful to read such graphic detail about the breathtaking, systemic disregard for patient data protections. Page after page of awful statistics should make the public and government pause before spending $39 billion dollars of stimulus funds on such fatally flawed systems.

Relentless industry promotion of health IT seems to override the lack of adequate data protection and common sense.

Here are a few statistics from the study:

  • The total economic burden on US hospitals of data breaches is $12 Billion dollars/year.
  • 69% of health care organizations can’t prevent or detect data breaches
  • 71% of health care organizations have inadequate resources to deal with data breaches or improve their systems and technology
  • 70% of hospitals said that data protection is not a priority
  • Strikingly, 41% said that data breaches were discovered by patients, which appears to be low because another 19% of breaches were discovered because of legal complaints and 8% by law enforcement. Both legal actions and law enforcement complaints were also probably because patients discovered breaches and sought help, making the total of patient-discovered breaches closer to 68% than 41%.

If 41-68% of patients reported breaches, they must have suffered direct harms, such as data exposure leading to humiliation/embarrassment, identity theft, or medical identity theft.

Shouldn’t the government spend the stimulus billions on systems that DO ensure data security and EMPOWER patients to selectively disclose sensitive health information only to those they trust?