A recent report is shedding light on the inadequate protection of patient information in the healthcare industry. As the healthcare industry continues to transfer all patient medical information to an electronic database, this report demonstrates the level of preparedness as it relates to data protection.
The results of the study, conducted by Kroll Fraud Solutions, a data and identity theft protection company, shows that more resources are being allocated to data breach response as opposed to data breach prevention. The results were referred to as "bittersweet" by Kroll Fraud Solutions CEO, Brian Lapidus, who applauded the healthcare industry for recognizing the significance of data security, but expressed a stronger need for preventative solutions.
"Organizations are so afraid of being labeled 'noncompliant' that they overlook the bigger elephant in the room, the still-present risk and escalating costs associated with a data breach. We need to shift the industry focus from a 'check the box' mentality around compliance to a more comprehensive, sustained look at data security," Lapidus said.
When healthcare organizations were asked to rate themselves on a scale of 1 to 7 on compliance and preparedness of data protection, the average rating they gave themselves was between 6.0 and 6.06. According to the report, the number of data breaches reported by the healthcare industry is increasing, despite regulatory measures such as the Red Flag Rule, intended to prevent security breaches. The number of healthcare agencies reporting security breaches rose to 19 percent in 2010.
Patient information that is transferred to an electronic records system will be available to hospitals, insurance agencies and third party systems, which will require an increase in the number of third party handlers who will have access to patient records. The report showed the number of third party employees required to undergo background checks by their hiring healthcare organization to be around 50 percent.
The security of patient information is becoming an increasingly important step in combating medical identity theft, which is developing into the fastest growing form of identity theft. Medical identity theft allows those with a victim's medical or insurance information to undergo medical procedures, procure prescriptions, and submit medical claims under the victim's name. With patient records set up to be transferred to an online database, inadequate security measures leave millions of Americans vulnerable to medical identity theft.