Provider services and solutions

Health information technology: Security and privacy

The challenge

Identity theft. Illegal marketing schemes. Fraud. All potential consequences of lax data security. As health information moves online, it becomes more accessible. Not only to healthcare stakeholders authorized to use it. There’s a hot market for buying and selling patients’ private health information for illegal purposes. The health industry has an obligation to protect patient health information from unauthorized access.

The Obama administration recognizes the security risks associated with the benefits of electronic health records. The substantial incentive of increased funding and incentive payments from the stimulus package is accompanied by some substantial penalties. Providers must notify patients when they expose patients’ personal health information, even if the security breach is inadvertent and temporary. The government prohibits buying or selling patients’ health information (with carefully prescribed exemptions for research, public health and treatment purposes). Penalties escalate from bad to worse depending on whether the breach was unintentional or due to "willful neglect." All-too-frequent news accounts tell of high-profile providers and payers who inadvertently compromised patients’ protected health information. The lesson: whether security breaches result in punitive fines or damage to your reputation—or both—you can’t afford them.

Under the standards set by the Health Information Technology for Economic and Clinical Health (HITECH) Act, federal and state governments were given even more enforcement authority. As the healthcare industry moves more and more toward electronic and personal healthcare records, protecting privacy and security becomes even more important.

How we can help you

• Data security must be a top priority. You need to understand and comply with current and upcoming security and privacy regulations.
• We can help you understand your obligations to protect patients’ private health information. We can help you address identity management concerns and comply with HIPAA regulations. We can facilitate mergers, acquisitions, and transaction services to provide for the safe transfer of protected health information. We can evaluate the effectiveness of your privacy safeguards to detect potential flaws. We can advise you on how to manage health data and reporting while also providing for patient data security.
• You should prepare proactively to deal with security breaches.
• We can help you conduct damage control if your patient information is inadvertently exposed, hacked or stolen.

Common services include

• Addressing identity management concerns
• Ensuring HIPAA compliance
• Evaluating privacy safeguards to detect potential flaws
• Conducting damage control when a security breach occurs
• Simplifying compliance and risk management by optimizing IT services and capacity planning