For years, healthcare officials have worried out loud that privacy and security breaches could undermine public support for a federal program to accelerate the shift from paper to electronic health record (EHR) systems. But for just as long, healthcare spending on security has lagged behind security spending in other industries.
Recent survey reports from HIMSS peg average healthcare organizations’ spending on security at about 3% of their IT budgets. “That’s too low to get the job done,” said an executive from a healthcare IT company, quoted recently in a Modern Healthcare article. “People in healthcare just have to wake up,” he said. “Healthcare data is a lucrative target for these guys.”
I couldn’t agree more! My position is that the movement towards EHRs is essential for higher quality patient care and increased efficiencies in the healthcare delivery systems. These types of data breaches should not delay this movement. Insurance companies, providers and their services and technology vendors must step up their data security and encryption efforts.
I sincerely believe that with all of the technological expertise we have at our hands in the healthcare industry, we can stop 99 percent of these breaches. According to what I have read in the newspapers and magazines, the recent breach at Anthem was not instigated by sophisticated data intrusions, but by multiple, simple “phishing” expeditions for passwords, conducted over several weeks, within the breached company’s employee base.
These kinds of data breaches should be able to be identified and contained. They are not that sophisticated and should not provide access to any company’s vital records. We must not allow these hackers to derail our critical movement toward the EHR. We have the ability to devise security and encryption technologies that will foil these hackers. Let’s budget the resources and get it done!