This week's 3 privacy & security developments

This week in health IT, there were three interesting developments all centered around the privacy and security of health data.

EHR vendor Medical Informatics Engineering (MIE) faces a class-action lawsuit in the aftermath of its cyberattack that affected 3.9 million patients. Security experts have been warning that this is the next challenge for healthcare providers—lawsuits in response to data breaches which only increases their costs and does more damage to their reputation.

More than 100 plaintiffs have joined the suit which alleges that MIE did not "take available steps to prevent and stop the breach from ever happening," failed to disclose to its customers material facts related to the breach and provide timely notice of the breach.

A report released this week finds that the records of 94 million patients have been stolen from healthcare entities so far this year.

Conservative think tank American Action Forum (AAF) says that in 2013, 90 percent of hospitals claimed to have a computerized system capable of conducting or reviewing a security risk analysis. However, data breaches and the number of records compromised in each breach are increasing. The numbers indicate a 160 percent increase in the average number of records compromised in a single breach from 2014 to 2015, according to the report.

“Already, more has been spent on responding to security breaches of healthcare records in the first six months of 2015 than the total amount of federal incentives paid through the HITECH Act to make this transition happen,” the report says.   

Meanwhile, the Health IT Policy Committee met this week and approved the recommendations from the Privacy & Security Work Group regarding security of big data.

The group encourages the Office of the National Coordinator for Health IT (ONC) and other federal stakeholders to hold more public inquiries to increase understanding. “There is a lot of conversation around privacy but understanding much of the harm we’re trying to prevent still remains elusive,” said Stanley Crosley, of Drinker Biddle & Reath law firm and co-chair of the work group. “It would benefit policymakers to know more about the harms consumers are concerned about and make sure they’re taking steps to address those harms.”

The work group’s recommendations include voluntary codes of conduct, the use of community risk assessment review boards, individuals’ rights to access their data, improving trust and reducing the risk of reidentification and having the Office of Civil Rights be a more active steward of the HIPAA deidentification standards.

Beth Walsh

Clinical Innovation + Technology editor

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.