SALT LAKE CITY — It’s simply crazy how frequently “data breach” is showing up on Google News’s left hand column of trending topics lately. It seems — at least, empirically — that nine times out of 10 when you click on “data breach” to find out what is the latest story getting major traction, it’s a health care data breach.
Three stories caught our eye last week, following the Stanford breach reported earlier this month:
• The San Antonio, Texas TRICARE affair involving the loss of patient data for up to 4.9 million military personnel, which set a new record for the number of patients affected by health care data breaches since new notification rules took effect in 2009; ongoing for almost 20 years, the breach stemmed from improper disposal of unencrypted backup tapes
• UC-Berkeley reported its own breach of 160,000 alumni records, including health data, blaming overseas database hackers
• A laptop theft, two Minnesota-based health systems reported, may have exposed 16,000 patient records
A fourth story, about a Connecticut company offering data breach insurance, can be lumped into the group, underscoring the point: These things are happening, and the more we entrust patient data to technology, the more exposed to breaches healthcare organizations become.
Health information managers, comprising the bedrock of AHIMA’s membership, are getting wowed this week by exhibitors showing advancements in key technologies such as computer assisted coding systems, speech recognition systems that are rapidly evolving just in time for EHR system rollouts and the additional documentation that ICD-10 codes mandate, and enterprise content management systems that are emerging from their 1990s-era coma to assist in the national digitization of paper in medical records workflows.
Yet with each new technology comes a layer of complexity — and add data breach vulnerabilities — to a health IT network. While the IT technicians can configure systems, encrypt data and throw security technologies on top of all that, they need the help of the HIM managers who can set and enforce policies that prevent breaches. After all, hackers account for only 5% of data breaches, according to the U.S. Department of Health & Human Services’ Office of Civil Rights, which enforces HIPAA privacy and security rules. On many of the remaining causes of data breaches (such as outright loss, improper disposal of paper records, etc.) the HIM manager can go a long way in prevention.
So yes, AHIMA members, enjoy the vendor floor show and mad knowledge in the expert educational sessions that will help get you through what looks to be a chaotic transition from ICD-9 to ICD-10, while your hospital is getting into compliance with meaningful use criteria. However, don’t forget to monitor all the extra trap doors these initiatives and technologies open wide for would be patient-data thieves. Hospital senior leadership, as well as HIPAA enforcement authorities are counting on you. Plus, if you make the IT staffers look good with your help in preventing data breaches, they just might let you get first crack at the new computers when they come in.