Sunday, February 26, 2006
"We have to worry about the hackers of the world," said Pati Trites, chief executive officer of Augusta, Mich.-based Compliance Resources. "There have already been some breaches in the pharmacy system."
Her company monitors hospitals, doctors' offices and other medical professionals to see whether they are in compliance with HIPAA laws.
Trites said during a recent survey, only 55 percent of health care providers and 72 percent of insurance companies were in compliance with the federal privacy protection laws.
"We have to work on enforcement of tight security," she said. "The law is a year old. They're basically saying we're not compliant with the law."
Trites said she's worried that once all medical records go online, patients could be exposed to some severe ramifications if those records become public.
That sounds horrendous. How could so many fail to be compliant with the federal privacy regulations? Actually, it isn't the privacy part they have trouble with; it's the busy work and information sharing:
When reportedly non-compliant respondents were asked to list the specific Security standards their organizations had implemented thus far, "contingency planning" and "emergency access procedures" ranked lowest. "Risk management/risk analysis" and "workstation use and security" were ranked highest.
....When participants were asked if there were transactions that were not being exchanged with trading partners even though their own information systems were capable of conducting them, 40% of Providers and 61% of Payers said "Yes." Both groups claim that the primary reason is a lack of readiness on the other end – trading partners are not able to process the transactions. In the meantime, most Providers are utilizing Clearinghouses or direct data entry (DDE) as a work-around.
Compliance with regard to the privacy of patient records is actually much better. Scroll down to the table called "Summary of Privacy Practices Implemented by 'Compliant' Organizations." You'll see that compliance rates for things that matter, such as obtaining patient permission before releasing information, are actually quite high. Of course, having something out there in cyberspace is a much riskier proposition. The hackers are out there, and they are clever.
posted by Sydney on 2/26/2006 07:41:00 PM 2 comments
A sci-fi book I read a few years ago had one character pointing out that computer systems are never more secure than the last KNOWN hack.
A national system of electronic medical records could save your life. But, if strong patient privacy protections are not included, the security of your health care information is at risk. Take action to protect your medical records. Send an email to your US Rep through Consumers Union website: http://cu.convio.net/electronic_records
By 10:27 AM, at