Here’s what we know. In the Anthem hack, it is estimated that approximately 80 million records were stolen. The Anthem hackers stole information of both employees and customers, which included names, address, emails, birth dates, medication history, employment details, family relatives and more. But while most hackers steal financial data for spending sprees – these hackers had next-step intentions with the stolen data serving as the basis for phishing emails with attachments for the purposes of installing malware using their official email accounts, gathering even more personal information, and then it was propagated across entire networks. So now what?
Know the facts. According to Privacy Rights Clearinghouse, up until Anthem, since 2006, about 6.6 million records have been exposed from 79 medical-related breaches of hacking or malware type. Last year, Community Health Systems Inc. announced a large data breach of its health system compromising data for 4.5 million patients and now Anthem at the 80 million mark. Attackers like targeting EHRs because the records are highly profitable compared to other forms of information. For example, each credit card data is valued about $1 in the black market. However, according to various sources, a partial or complete EHR can generate $50 to $100 on the black market. The high price is because of the healthcare data includes personal identity information and sometimes carries credit card information along with insurance and personal health information. So, while financial information can be tracked and secured following a breach — the healthcare information cannot be as easily tracked and resolved.
Current mandates. Every EHR provider should safeguard data and information with HIPAA-complaint communication protocols, 128-bit encryption and public key authentication. As per the HIPAA norms of strong grade encryption and authentication, providers should meet all the regulatory requirements enabling security and confidentiality. Scheduled backups of the data are essential to keeping records and information from being lost or destroyed.
Reports state that only 39 percent of physicians share data using a health information exchange (HIE). There is even a lower number of only 14 percent who electronically share data with ambulatory care providers or hospitals outside their organization. While these numbers may seem astounding to some with Stage 2 fast approaching — the reason is clear. Because even though providers want to share health information electronically they are hindered by EHRs that can’t communicate with one another, lack information-exchange infrastructure, and the high expense of setting up electronic interfaces and health information exchanges.
Below are the top reasons why EHR sharing remains low for adoption:
Lack of Interoperability. The majority of providers and physicians have acknowledged lack of EHR interoperability and exchange infrastructure as major barriers to health information exchange. They have also identified the cost of creating and maintaining interfaces and exchanges as a major barrier.
Lack of Advanced Technology. Over the last few years, various HIE systems have been developed, but many have failed for technological and organizational reasons. High-level issues must be addressed to implement an HIE successfully, including disparate EHR and HIS systems. Most previous HIE research focused on high-level issues and evaluating impact on healthcare delivery, ROI, Syndromic Surveillance, etc.
Lack of Security and Streamlining. Quantitative measures are crucial to the long-term sustainability of HIEs. Interoperability of patient data doesn’t effectively address concerns on privacy, productivity, workflow and costs. Streamlining HIE access through integration with electronic health records to minimize workflow interruption, and keeping costs reasonably low for providers, may increase participation.
Lack of Affordability and Productivity. The cost and loss of productivity are major barriers to HIE adoption. While there are many compliant products on the market, not all of them provide cost savings and lead to efficiency or increased productivity.
The purpose of EHR and HIE is to make patient specific information available at the point of care to improve the delivery and quality of care. Interoperability of patient data no doubt has many advantages, including improved care coordination, elimination of paperwork, reduction in duplicate tests and reduction of medical errors. It is imperative to develop a long-term plan for standards and interoperability that will support competing public and private-sector Interoperability efforts. We should also encourage clear regulation on compliance with federal privacy and security laws. There should also be national benchmarking to share best practices and lessons learned. There should be significant cooperation among primary-care providers, medical specialists, long term care providers and hospitals to outline common information sharing needs promoting a value-based care.
Given the tremendous and on-going changes currently taking place in health IT, especially the recent delay in ICD-10, and the ever on-going issues surrounding meaningful use, we remain in a turbulent, yet revolutionary time in the industry. As changes continue to come and behaviors, habits, further reform is activated and enforced, there will only be more of a focus on where we are headed from a technology standpoint.
Given the multiple balls health IT leaders are currently juggling and the rapid changes they are facing from new technology and managing tools that were once thought to be saviors of the sector – patient portals come to mind – I and they are left to wonder what’s next for health IT. With that lingering question, I asked a few folks working directly in the space what they think will occupy the minds of health IT leaders for the short term.
The delay in ICD-10 implementation was met with equal parts relief and frustration. As the healthcare IT industry is evolving, government and regulatory authorities have come up with several certifications to enhance the quality of care for patients. For example, meaningful use incentives have created an artificial market for dozens of immature EHR products. Many EHR vendors have been preoccupied with backlogged implementations and have neglected the usability and innovation of their EHR products. Most concerning to current EHR users are unmet pleas for sophisticated interfaces with other practice programs and complex connectivity, pacing with accountable care progresses and the rapid EHR adoption of mobile devices. Many popular “one size fits all” EHR products have failed to meet the needs of several medical specialties.
Distracted by the process of certifying their EHR products for Stage 2 of meaningful use, not all software vendors have been able to deliver on their Meaningful Use 2 promises to anxious providers; 40 percent of the practices are replacing their EHR systems, as their current systems are cumbersome to use, not integrated, not able to meet regulatory compliance, outdated, have interoperability challenges, inefficient customer support, lacks specialty specific workflow and are not mobile enabled.
Stacy Leidwinger
Stacy Leidwinger, vice president of product marketing, RES Software
A top concern in healthcare right now is securing patient health records. Although the clinical details themselves contain little financial value, the records contain personal patient details that can easily result in stolen identity or credit card information.
In the US, nearly 3 trillion dollars per year is spent on healthcare, which translates to everyone from physicians and pharmacists to well-organized crime syndicates targeting healthcare, usually through the use of stolen patient records and identities.
Two of the weakest points in healthcare security are 1) people tending to underestimate security risks, therefore, becoming vulnerable to social engineering, and 2) the fact that endpoints can’t be physically secured in many cases while continuing to provide needed value. Patients need to take a more serious approach in choosing a healthcare organization by making it clear that they “trust” their provider.
Guest post by Divan Dave, CEO, OmniMD.