Experts name top 7 trends in health information privacy for 2011

A panel of healthcare experts representing privacy, trends, technology, regulatory, data breach and governance have identified the top seven trends in healthcare information privacy for 2011.

The experts suggest that as health information exchanges take form, millions of patient records – soon to be available as digital files – will lead to potential unauthorized access, violation of new data breach laws and exposure to the threat of medical and financial identity theft.

"Endemic failure to keep pace with best practices and advancing technology has resulted in antiquated data security, governance, policy plaguing in the healthcare industry," said Larry Ponemon, chairman and founder, Ponemon Institute.

"Millions of patients are at risk for medical and financial identity fraud due to inadequate information security," he said. "Information security in the healthcare industry is at the fulcrum of economic, technological, and regulatory influence and, to date, it has not demonstrated an ability to adapt to meet the resulting challenges – but it must. The reputation and well-being of those organizations upon which we rely to practice the healing arts depends on it," he said.

The top predictions for 2011 include:

• Health information exchanges, many of which will be launched by inexperienced and understaffed organizations, will force more attention on security and privacy.

"The healthcare industry is on the verge of a major shift," said Ernie Hood, vice president and CIO, Group Health Cooperative, one of the nation's largest consumer-governed healthcare systems. "Organizations are venturing into the electronic world for the first time as practices implementing electronic health records and states are launching health information exchanges.  A surge of new data will be brought online by a lot of inexperienced organizations fueled by monetary government incentives.  Mistakes are a certainty," he said. 

• There will be increased fines and regulatory action by State Attorneys General and regulatory agencies.

"In 2011, we can expect that the Department of Health and Human Services Office for Civil Rights will be gearing up its proactive audits," said Cliff Baker, managing partner for Meditology, a healthcare IT risk management and deployment services firm. "Where does this leave OCR audits in 2011?  They're probably directed at those organizations that have breaches attributable to known and published high-risk areas.  Look for those organizations to be dealing with OCR auditors camped out at their facilities in 2011."

• Data breaches and associated costs will increase, as penalties for information security negligence are acted on.

"As healthcare information becomes more mobile, issues with security will only become increasingly complex," said Sandeep Tiwari, CEO, Zafesoft, Inc., a provider of information security and control software.  "Healthcare is a mammoth space that changes and moves slowly, but when it does, it moves en masse. In the case of PHI/PII the laws were ahead of the technology," he said.  "To date, there have been no secure audit trails, which impacts the effectiveness of the laws.  If we can't track how and when private and personal information is accessed, we will never secure it," Tiwari said.

Story continued on next page.