Identity theft. Illegal marketing schemes. Fraud. All potential consequences of lax data security. As health information moves online, it becomes more accessible. Not only to healthcare stakeholders authorized to use it. There’s a hot market for buying and selling patients’ private health information for illegal purposes. The health industry has an obligation to protect patient health information from unauthorized access.
The Obama administration recognizes the security risks associated with the benefits of electronic health records. The substantial incentive of increased funding and incentive payments from the stimulus package is accompanied by some substantial penalties. Providers must notify patients when they expose patients’ personal health information, even if the security breach is inadvertent and temporary. The government prohibits buying or selling patients’ health information (with carefully prescribed exemptions for research, public health and treatment purposes). Penalties escalate from bad to worse depending on whether the breach was unintentional or due to "willful neglect." All-too-frequent news accounts tell of high-profile providers and payers who inadvertently compromised patients’ protected health information. The lesson: whether security breaches result in punitive fines or damage to your reputation—or both—you can’t afford them.
Under the standards set by the Health Information Technology for Economic and Clinical Health (HITECH) Act, federal and state governments were given even more enforcement authority. As the healthcare industry moves more and more toward electronic and personal healthcare records, protecting privacy and security becomes even more important.