This week's 3 privacy & security developments

This week in health IT, there were three interesting developments all centered around the privacy and security of health data.

EHR vendor Medical Informatics Engineering (MIE) faces a class-action lawsuit in the aftermath of its cyberattack that affected 3.9 million patients. Security experts have been warning that this is the next challenge for healthcare providers—lawsuits in response to data breaches which only increases their costs and does more damage to their reputation.

More than 100 plaintiffs have joined the suit which alleges that MIE did not "take available steps to prevent and stop the breach from ever happening," failed to disclose to its customers material facts related to the breach and provide timely notice of the breach.

A report released this week finds that the records of 94 million patients have been stolen from healthcare entities so far this year.

Conservative think tank American Action Forum (AAF) says that in 2013, 90 percent of hospitals claimed to have a computerized system capable of conducting or reviewing a security risk analysis. However, data breaches and the number of records compromised in each breach are increasing. The numbers indicate a 160 percent increase in the average number of records compromised in a single breach from 2014 to 2015, according to the report.

“Already, more has been spent on responding to security breaches of healthcare records in the first six months of 2015 than the total amount of federal incentives paid through the HITECH Act to make this transition happen,” the report says.   

Meanwhile, the Health IT Policy Committee met this week and approved the recommendations from the Privacy & Security Work Group regarding security of big data.

The group encourages the Office of the National Coordinator for Health IT (ONC) and other federal stakeholders to hold more public inquiries to increase understanding. “There is a lot of conversation around privacy but understanding much of the harm we’re trying to prevent still remains elusive,” said Stanley Crosley, of Drinker Biddle & Reath law firm and co-chair of the work group. “It would benefit policymakers to know more about the harms consumers are concerned about and make sure they’re taking steps to address those harms.”

The work group’s recommendations include voluntary codes of conduct, the use of community risk assessment review boards, individuals’ rights to access their data, improving trust and reducing the risk of reidentification and having the Office of Civil Rights be a more active steward of the HIPAA deidentification standards.

Beth Walsh

Clinical Innovation + Technology editor

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Trimed Popup
Trimed Popup