Health Insurance Navigator

By Lisa Zamosky

Modernizing an outdated health records system is a major component of health reform. As a result of the new law as well as other legislation put in place over the past few years, much emphasis has been placed on the role of information technology to improve the delivery of health care, and an increasing number of organizations and physicians are engaged in the process of implementing electronic health records (EHR) systems.

Despite compliance with a range of federal regulations, however, breaches in health care data are on the rise. In fact, 96% of health care organizations questioned for a new survey by the Ponemon Institute reported at least one data breach during the last two years in which patient information was lost, stolen, or otherwise compromised. On average, healthcare organizations had four data breach incidents. That’s up by 32% since 2010.

The survey was conducted by the Ponemon Institute, an independent privacy and data protection group. Researchers questioned senior-level staff at 72 large health care organizations about data security and privacy.

Questioning the Safety of Healthcare IT

The survey offered up some additional eye-opening numbers:

• 55% of respondents said they have little or no confidence in their organization’s ability to detect all privacy incidents.
• 57% report not feeling confident that their organization could detect all patient data loss or theft.
• 90% of healthcare organizations say that breaches cause harm to patients, yet most (65%) don’t provide protection services for patients.
• Although 83% of those who responded said it’s critical to let victims of data breaches know about it as soon as possible, on average, it takes seven weeks to get the word out.

One of the biggest contributors to data breaches, according to the survey, is increased use of mobile devises such as smart phones and tablets. Information available on the go, it seems, adds to the risk that it will fall into the wrong hands.

That’s particularly worrying given the fact that more than 81% of healthcare organizations report using mobile devices to transmit, store and/or collect protected patient health information. Half of those organizations acknowledge that the devices are unsecured.

Protecting Yourself

It’s scary to think that your most private health information is floating out and about in the world. What’s more, nearly six in 10 organizations that participated in this survey said that data breaches also put patients at risk of financial identity theft. Clearly, the stakes are high when it comes to keeping your digital health information protected.

Just as with any information housed online, there are steps you can take to help keep your health data secure. Here, a few suggestions:

• Change it up when it comes to passwords. Don’t use the same password for all your accounts and use a mix of letters, numbers and symbols to make it harder for someone to guess what it might be.
• Do not respond to emails, phone calls or text messages asking you for personal health or financial information.
• Keep close track of all your accounts and report any activity that appears suspicious.
• Keep your Medicare card in a safe place; remember that your ID number is your social security number.
• Carefully review your Medicare Summary Notices and all explanations of benefits (EOB) and be on the lookout for any services listed you didn’t use.
• The theft of your personal information or identity should be reported to the organization that failed to protect it, as well as to your local police. In addition, you should file an ID theft complaint with the Federal Trade Commission.

Your turn: What concerns or hopes do you have about the growing use of information systems in health care?