Friday, 14 November 2014

Be Prepared for EHR Breaches, Experts Warn

David Wild, Clinical Oncology News

If you have not yet endured an electronic patient data theft, you most likely will experience one before too long, experts warn. They say the transition to electronic health records (EHRs) has not been accompanied by adequate safeguards, and they are calling on physicians to do more to protect patient data.

“Health care systems will be seeing large-scale hacks of the type we’ve seen with retailers like Target,” said Katherine Downing, MA, the director of Health Information Management Practice Excellence at the American Health Information Management Association, in Chicago. Ms. Downing noted that the FBI recently warned health care providers about the likelihood of such cyber attacks (1w9sZSL).

Health data are much more valuable than data from other industries because EHRs typically contain far more information, said Ms. Downing. Indeed, a single complete EHR profile can include information on health insurance, prescription drugs, financial details and Social Security numbers. That wellspring of information means a record can sell for $50 on the black market, while a Social Security number fetches only $1 (1pS2nzz).

Read More . . . .

In Australia, police have no legislative powers to charge private health sector employees or contractors who steal patient data from their employer. In fact, there is almost complete ignorance within governments, at both State and Federal levels, of the lack of powers available to any authority to charge insiders who steal personal information.

Most business owners are not even aware of the issue and only come to realise they have nowhere to go, except the civil courts, after an event. The civil process is prohibitively expensive for most small businesses, particularly after a data theft has robbed the business of its main source of revenue. And if there is no data-specific contract with the insider data thief, there is little to no chance of getting a favourable decision.

If your business is in the private health industry, it is only a matter of time before a self-entitled insider steals a patient list. To have any chance of preventing insider data theft, you need very specific data, IP and indemnity clauses in your agreements. In addition, your Privacy Policy with patients should be read, acknowledged and signed by all employees, sub-contractors and anybody else who has lawful access to the business (for example, cleaners, IT contractors, etc.). An indemnity clause should also be included and acknowledged by the signatory.
