Health and Electronic Security

The rapid adoption of electronic health records (“EHR”) and other new technology in healthcare has introduced serious security threats.  Numerous stories and reports have made it clear that hackers, criminals and others view the healthcare industry as a ripe target due to security vulnerabilities.  This issue is exacerbated by the high value placed upon medical records on the black market.

The question that many are asking is whether all of the money spent on acquiring EHRs was misspent, now that security flaws or issues are popping up with such frequency.  Namely, is healthcare throwing good money after bad?  To some degree, the accusation may be misplaced.  Any adoption of newer technologies will lead to issues, including exploitation of flaws that may not be expected.  Unfortunately, it is also likely that bad actors will be ahead of the field when it comes to finding weaknesses or ways to get at data.  Such a scenario should be viewed as an inherent risk in implementing technology.  That being said, it is likely an unavoidable risk in this day and age.  It is simply too difficult and against expectations to remain on the digital sidelines.

The increase in attacks against healthcare entities should appropriately raise alarm bells and spur action.  Medical information is very sensitive on many levels and needs to be protected.  One place to look for a solution is HIPAA.  As is well known, the HIPAA Security Rule sets standards for protecting health information.  The technical, physical, and administrative safeguards define certain minimum standards to follow.  In the current day and age, though, the HIPAA standards by themselves are probably not enough.  From this perspective, it is important to remember that HIPAA only sets a floor, not a ceiling.  Best practices may well require actions beyond those prescribed by HIPAA.  The healthcare industry needs to evolve and adapt to new realities.

The speed with which adaptation can occur will dictate how secure medical information remains.  While much money was and is being spent in connection with new digital and technological solutions, the expense is not going to end as long as threats remain.  Technology takes investment, time and attention, all of which are ongoing and recurring obligations.

About Matt Fisher

Matt is the chair of Mirick O'Connell's Health Law Group and a partner in the firm's Business Group. Matt focuses his practice on health law and all areas of corporate transactions. Matt's health law practice includes advising clients with regulatory, fraud, abuse, and compliance issues. With regard to regulatory matters, Matt advises clients to ensure that contracts, agreements and other business arrangements meet both federal and state statutory and regulatory requirements. Matt's regulatory advice focuses on complying with requirements of the Stark Law, Anti-Kickback Statute, fraud and abuse regulations, licensing requirements and HIPAA. Matt also advises clients on compliance policies to develop appropriate monitoring and oversight of operations.