A majority of healthcare organizations are not prepared to protect patient privacy and secure data as new uses for digital health information emerge and access to confidential patient information expands, says a new report from the Health Research Institute (HRI) at PwC US.
Old privacy and security controls are no longer able to comply with existing privacy laws and patient consent agreements, according to the report, "Old data learns new tricks: Managing patient privacy and security on a new data-sharing playground." Healthcare organizations need to update practices and adopt a more integrated approach to ensure that patient information doesn’t fall into the wrong hands.
Existing privacy and security controls have not kept pace with new realities in healthcare, which include: increased access to information in EHRs, greater data collaboration with external partners and business associations, new uses for digital health information to improve the quality and cost of care, and the rise of social media and mobile technology to better and more efficiently manage patient health.
A recent PwC HRI survey included 600 executives from U.S. hospitals and physician organizations, health insurers, and pharmaceutical and life sciences companies, and found the following:
- Theft accounted for 66 percent of total reported health data breaches over the past two years.
- Medical identity theft is on the rise: over 1/3 of the hospitals and physician groups surveyed have caught patients fraudulently using someone else’s identity in order to obtain services.
- Less than half of the respondents have policies and procedures in place regarding the use of mobile devices and social media.
- In the past two years, 25 percent of health insurers improperly transferred files containing sensitive medical and financial data.
- While only 54 percent of respondents said their institutions had implemented integrated privacy and security policy and procedures, the institutions that have done so reported a 10 percent reduction in the number of data breaches.
According to PwC officials, electronic data breaches occur three times more frequently and affect 25 times more people than paper-based health information breaches. They go on to say that most breaches are not the result of IT hackers, but instead reflect the increase in the risks of the knowledgeable insider related to identity theft and simple human error loss of a computer or device, lack of knowledge or unintended unauthorized disclosure.
Source: PwC, September 22, 2011
7 Quality of Care Investments That Earned Marshfield Clinic $15.83 Million in Shared Savings
8 Ways EHRs Improve Care Coordination for Chronically Ill Patients
Health IT in Care Management to Improve Health and Effect Behavior Change
This 35-page report describes how technology has enhanced patient engagement and self-management in specific populations. It provides the prerequisites for using technologies to engage patients in chronic disease improvement programs, setting the scene for care management and behavior change.
Health IT in Care Management to Improve Health and Effect Behavior Change is available from the Healthcare Intelligence Network for $117 by visiting our Online Bookstore or by calling toll-free (888) 446-3530.