Mobile devices, data breaches and patient privacy rights were some of the most talked-about topics in health IT in 2011, and according to expert opinions compiled by ID Experts, 2012 won’t be any different.
In fact, experts continue to predict an upswing in mobile and social media usage, response plans, and even reputation fallout. Eleven industry experts outlined healthcare data trends to look for in 2012.
1. Mobile devices could mean trouble. Healthcare organizations won’t be immune to data breach risks caused by the increased use of mobile devices in the workplace, said Larry Ponemon, chairman and founder of the Ponemon Institute. A recent study confirms that 81 percent of healthcare providers use mobile devices to collect, store, and/or transmit some form of personal health information (PHI). But 49 percent of those admit they’re not taking steps to secure their devices.
2. Class-action litigation firestorms are looming. Class-action lawsuits will be on the rise in 2012, predicts Kirk Nahra, partner, Wiley Rein LLP. This will most likely be due to patients suing healthcare organizations for failing to protect their PHI. This past year was filled with several similar suits for organizations, some of which involved business associates and breached patient data. And despite the outcomes, one effect is certain: significant risk and cost for companies affected by the suits.
3. Social media risks will grow. Chris Apgar, CEO and president at Apgar & Associates, predicts that, as more physicians and healthcare organizations move to social media, its misuse will increase the exposure of PHI. A recent example includes a healthcare worker posting sensitive information about a patient on his Facebook. According to ID Experts, healthcare organizations often don’t develop a social media use plan, leaving a gray area of sorts for employees exposing PHI through personal social networking pages.
4. Cloud computing is not a panacea. Moreover, the technology is outpacing security and creating unprecedented liability risks, said James C Pyles, principal, Powers Pyles Sutter & Verville. According to Pyles, with fewer resources, cloud computing is an attractive option for healthcare providers, especially with the rise of HIEs. But, with privacy and legal issues coming to light, ID Experts said a “covered entity” will need to enter into a “carefully written business associate agreement with a cloud-computing vendor before disclosing protected health information.”
5. Reliance on business associates could result in new risks. Larry Walker, president of the Walker Company, believes economic realities will force healthcare providers to continue to outsource many of their functions. This includes billing to third parties or business associates, even though business associates are considered the “weak link in the chain” when it comes to privacy and security.
6. Organizations could see reputation fallout. Rick Kam, president and co-founder of ID Experts, said identity theft and medical identity theft resulting from data breach exposure are causing patients financial and emotional harm. This often results in patients switching to other providers. According to the Ponemon study, the average lifetime value of one patient is more than $113,000.
8. Emphasis on “willful neglect” will lead to increased enforcements of HIPAA. Adam Greene, partner, Davis, Wright, Tremaine, said the focus over the next year will be on the 150 HITECH Act audits and publication of the final rules implementing modifications to the HIPAA regulations. But the biggest changes, he said, may be at the OCR investigation level. Expect OCR to pursue enforcement against noncompliance due to “willful neglect,” resulting in a sharp increase in financial settlements and fines.
9. Privacy and security training to become an annual requirement. Peter Cizik, co-founder and CEO at BridgeFront, said healthcare organizations have gotten better at putting procedures in place, but staff still isn’t following them. And since the majority of breaches happen due to human error, targeted training and awareness programs will become common in the upcoming year.
10. An increase in fraudsters means an increase in fraud risk education. Jonnie Massey, supervisor at the Special Investigations Unit, Oregon Dental Service Companies, said pressure, opportunity, and rationalization are all dangerous elements that can lead to committing a healthcare-related crime. And during hard economic times, these crimes are more prevalent. Educating those at risk may deter some from stepping over the line, or help those at risk avoid becoming victims.
11. Healthcare organizations will turn to cyber liability insurance. As organizations continue to implement their EHRs, said Christine Marciano, president of Cyber Data Risk Managers, they will consider options to protect themselves and their patients. A breach can be both costly and damaging to the organization’s reputation. And with the increased vulnerabilities, as part of a data breach response plan, organizations will increasingly turn to a cyber security/data breach insurance policy.
Follow Michelle McNickle on Twitter, @Michelle_writes