Why is Security Important?

Why security?Prior to HIPAA, no generally accepted set of security standards for protecting ePHI existed.  So why security now?

In the healthcare industry, new technologies were evolving, and the health care industry began to move away from paper processes and rely more heavily on the use of computers.  Because of this, security rules become more important than ever.

Currently, covered entities are using web-based applications and other “portals” that give physicians, nurses and other staff as well as administrative employees more access to electronic health information.  Providers are also using clinical applications such as Computerized Order Entry Systems (CPOE), electronic health records (EHR) as well as radiology and lab systems.  Because of this rise in adoption of technology, it creates and increase in potential security risks.  Electronic Patient Health Information (ePHI) is private and it needs to be secured.  It is just as private as banking, and the measures taken to protect the healthcare industry are similar.  Same goes for federal and government data.

For healthcare specifically, the laws defining security are constantly being enforced, and penalties are being levied.  A data breach in healthcare can cost millions to rectify.  In addition, a hospital or physician practice can find themselves on the front page of the news which could negatively impact patient trust, which in turn can stop patients from coming to your facility.  In addition, large financial sanctions could also hurt the facility. Security of patient health information needs to be taken very seriously.

A data breach can:

  • Compromise Patient Care – Unauthorized access could result in incorrect changes to a medical record.
  • Re-assign staff to assist in damage control – Staff will have to be diverted from their important jobs to handle the situation.
  • Financial penalties and cost – penalties could be very costly, and notification to all patients is very costly.
  • Undermines the organization – gives the impression that patient security if not important.
  • Sustained damage in reputation – trust.  Patients may not trust the organization.

For more information, you can visit the HIMSS website, or the Department of Health and Human Services.