EMR software and other healthcare technologies have proven to improve patient care and workflow efficiencies. However, with the introduction of these new IT systems and the ever-increasing use of mobile and handheld devices, the possibility of sensitive data being seen by the wrong set of eyes has also grown. In fact, the final installment of the 2012 HIMSS Analytics Report: Security of Patient Data shows that data breaches have gone up over the last six years, despite security measures set in place to prevent them.
Of the 250 survey respondents, comprised of Health Information Management Directors, Compliance and Privacy Officers, Senior IT Executives and Chief Security Officers at hospitals throughout the U.S., most agreed that “sharing information with external parties is the top item that put[s] patient data at risk.” This includes medical collections agencies, transcription and dictation services, laboratories, and pharmacies.
Although healthcare facilities are generally good about implementing proper security measures, they have no control over the network security of third-party contractors who may not be monitored as closely as medical practices and hospitals. Despite medical organizations signing Business Associate agreements regarding HIPAA compliant procedures, nearly one in five surveyed professionals claim their organization’s data breaches have been the result of a third party. Surprisingly, however, only 82 percent “require third parties to notify them of a [data] breach,” the survey said.
In order for patients’ personal health information to stay private, it is imperative that labs, medical collections companies, pharmacies, and other third-party vendors take security issues as seriously as healthcare facilities do. It is also up to healthcare administrators to third-party security measures to ensure the privacy of their patients’ data.
To access the HIMSS report, click here.