Simply Security - News, Views, and Opinions from Trend Micro

Regulatory compliance does not mean greater security, study finds

Posted on May 31st, 2011 in Reports by Simply Security | 1 Comment

Healthcare providers must figure out a balance between efficiency and data protection when it comes to EHRs.


Though regulatory compliance has been a major focus as healthcare providers transition from paper to electronic health records, a new survey by GlobalSign found that many data security efforts have proven fruitless.

In a survey of 107 IT administrators and decision-makers, 56 percent of respondents indicated that their security teams spend between 25 and 100 percent of their time on achieving compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health standards.

However, despite this effort, 34 percent of respondents said their organizations had experienced some sort of data breach involving patient information within the past two years. Furthermore, 10 percent said they believe data protection failures costing $100,000 per incident occur every day.

"Organizations need to thoroughly evaluate technologies before making a purchase and deploying. They need to make sure that the solutions they implement can respond to stringent requirements imposed by auditors while actually protecting data and patient privacy," said Lila Kee, GlobalSign chief product officer, in a release.

Recently, the U.S. Department of Health and Human Services has begun cracking down more heavily on healthcare organizations that fail to employ effective data protection and compliance practices. For example, earlier this year, it was revealed that the HHS fined Maryland-based Cignet Health $4.3 million for failing to comply with HIPAA.

While the Cignet fine was not related to a data breach – rather, for withholding medical records and for not cooperating with the HHS' Office of Civil Rights – it does show that regulators are placing more pressure on healthcare providers to meet certain standards, many of which mandate data protection.

This will be particularly pressing as healthcare organizations adopt EHR practices. While the move is expected to make the sharing of medical records more efficient, it may also open up more data security vulnerabilities.



Comments


  1. [...] compliance does not bring security. In fact, it may be having the exact opposite effect. In a recent survey, security administrators found themselves spending between 25 and 100 percent of their time on [...]

    Pingback by No Compliance is Good Compliance « Reg Harnish on February 20, 2012 at 2:13 pm