Health Industry Lacks Patient Data Safeguards
A vast majority of hospitals, doctors, pharmacies and insurers are eager to adapt to increasingly digital patient data. However, less than half are addressing implications for privacy and security, a survey of healthcare industry executives by PricewaterhouseCoopers LLP found.
PwC’s Health Research Institute interviewed 600 executives in the spring of this year and also found that less than half of their companies have addressed issues related to the use of mobile devices. Less than a quarter have addressed implications of social media.
“The health IT and new uses of health information are changing quickly and the privacy and security sometimes may not be moving in step,” said Jim Koenig, a PwC director who is among the contributors to the report.
“That is some of the most sensitive and important information to a consumer, so with the advancement of healthcare IT it’s only natural that advancements in privacy and security should come along.”
Health IT has been in the spotlight in the past two years after attracting extra federal money under the 2009 stimulus bill, which included a provision encouraging doctors and hospitals to adopt electronic health records.
U.S. health and drug regulators are expected by the end of the year to finalize their updated rules on patient privacy protection, and they also continue to adapt to new technologies coming to health labs and physicians’ offices.
Some 74 percent of healthcare organizations were planning to expand the purposes for which they use electronic patient health data, the survey found. For instance, that may mean looking across patients to find better treatments or tracking records of one patient from doctors and pharmacies to analyze medication adherence.
But only 47 percent of the companies have or are addressing related privacy and security issues, the report said.
Reports of security breaches, although many not directly related to health IT, are not uncommon in the health industry.
Just over half of surveyed executives said they were aware of some kind of a privacy or security breach at their companies in the past two years, with hospitals being the likelier offenders.
(Reporting by Alina Selyukh in Washington; Editing by Richard Chang)