This week's 3 privacy & security developments
Beth Walsh | August 14, 2015 | Health Exec | Cybersecurity

This week in health IT, there were three interesting developments all centered around the privacy and security of health data.

EHR vendor Medical Informatics Engineering (MIE) faces a class-action lawsuit in the aftermath of its cyberattack that affected 3.9 million patients. Security experts have been warning that this is the next challenge for healthcare providers—lawsuits in response to data breaches which only increases their costs and does more damage to their reputation.

More than 100 plaintiffs have joined the suit which alleges that MIE did not "take available steps to prevent and stop the breach from ever happening," failed to disclose to its customers material facts related to the breach and provide timely notice of the breach.

A report released this week finds that the records of 94 million patients have been stolen from healthcare entities so far this year.

Conservative think tank American Action Forum (AAF) says that in 2013, 90 percent of hospitals claimed to have a computerized system capable of conducting or reviewing a security risk analysis. However, data breaches and the number of records compromised in each breach are increasing. The numbers indicate a 160 percent increase in the average number of records compromised in a single breach from 2014 to 2015, according to the report.

“Already, more has been spent on responding to security breaches of healthcare records in the first six months of 2015 than the total amount of federal incentives paid through the HITECH Act to make this transition happen,” the report says.   

Meanwhile, the Health IT Policy Committee met this week and approved the recommendations from the Privacy & Security Work Group regarding security of big data.

The group encourages the Office of the National Coordinator for Health IT (ONC) and other federal stakeholders to hold more public inquiries to increase understanding. “There is a lot of conversation around privacy but understanding much of the harm we’re trying to prevent still remains elusive,” said Stanley Crosley, of Drinker Biddle & Reath law firm and co-chair of the work group. “It would benefit policymakers to know more about the harms consumers are concerned about and make sure they’re taking steps to address those harms.”

The work group’s recommendations include voluntary codes of conduct, the use of community risk assessment review boards, individuals’ rights to access their data, improving trust and reducing the risk of reidentification and having the Office of Civil Rights be a more active steward of the HIPAA deidentification standards.

Beth Walsh

Clinical Innovation + Technology editor

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Related Content

Key trends in enterprise imaging
Ascension confirms ransomware caused service shutdowns, ambulance diversions
Six hospital groups urge UnitedHealth to take responsibility for Change Healthcare hack notifications
Ascension experiences disruption of operations after 'cybersecurity event'
AMA says Change Healthcare breach is crippling independent practices
Breached Change Healthcare server lacked multifactor authentication, UnitedHealth CEO admits

Design by Adaptive Theme
Trimed Popup
Trimed Popup