Privacy and security concerns at the forefront

It’s that time of year when research and consulting firms and other organizations offer their predictions for top health IT concerns for the new year and privacy and security seems to be taking a lead position.

The healthcare industry will continue to be a vulnerable and attractive target for cybercriminals in 2015, according to the second annual Data Breach Industry Forecast conducted by Experian.

The expanding number of access points to protected health information and other sensitive data via EHRs plus the growing popularity of wearable technology are what make healthcare so attractive to attack.

The report predicts that healthcare will continue to be plagued with data breaches in 2015. Healthcare organizations accounted for about 42 percent of all major data breaches reported in 2014 and “we expect this number will continue to grow until the industry comes up with a stronger solution to improve its cybersecurity strategies,” said Michael Bruemmer, vice president at Experian Data Breach Resolution, in a statement.

PricewaterhouseCooper's Health Research Institute also found that a good balance between privacy and convenience is a top concern among consumers. More than two-thirds (65 percent) of consumers said they consider health information security more important than convenient access to test results, prescriptions and doctors' notes. Another 68 percent of consumers said they also were concerned about smartphone health app data security and 78 percent about medical data security. 

Meanwhile, a mental health organization in Alaska has agreed to pay a fine and improve its HIPAA compliance program after a Department of Health and Human Services (HHS) investigation found the group failed to appropriately safeguard patient data.

Anchorage Community Mental Health Services (ACMHS) will pay $150,000 to settle potential HIPAA violations after the organization failed to patch their systems and continued to run outdated, unsupported software that eventually resulted in a malware data breach affecting 2,743 individuals. The breach was reported in March 2012.

The investigation by the HHS' Office for Civil Rights (OCR) found that ACMHS had adopted HIPAA security policies and procedures, but they were not followed by employees for a seven-year period, from 2005 to 2012.

Consumers and regulators are watching so make sure your policies and procedures are in good working order now and for the future.

Beth Walsh

Clinical Innovation + Technology editor