There should be no doubt that we are witnessing a changing landscape for healthcare IT. As the government gives billions of dollars in incentives to hospitals and medical practices to implement electronic health records the repercussions are being heard around the country.
Medical practices are going from low-tech businesses that focused on paper charts and very little IT technology to high-tech businesses with more servers, desktops, laptops, etc than employees. These business are implementing complex networks that include the integration of EHR/EMR, digital x-rays, ultrasounds, email, electronic faxes and many more technologies. With these new high-tech networks comes the responsibility of protecting the enormous amount of electronic data being created. These small businesses lack the IT skills and personnel that are required to manage and support the increased level of IT infrastructure.
Since 2009 there has been close to 20 million patient records that have been breached. In the past you would need a truck to steal 10,000 patient charts but now information on 10,000 patients can be loaded on a thumb drive which is easily lost or stolen. Make no mistake that we are looking at an epidemic of breached patient records.
The government is also taking notice. As they are giving away billions of dollars in incentives they are also seeing the rising number of patient data breaches. And before the nation loses confidence in the ability of healthcare organizations to protect patient information, they are determined to reverse the trend. The first step in reversing this trend is to ensure that the regulations that protect patient information are no longer ignored. For years HIPAA regulations have been largely ignored due to lack of enforcement. The Office of Civil Rights (OCR) has made it clear that HIPAA regulations will be enforced and that the only way to protect patient information is through enforcement. We are seeing random audits of all size healthcare organizations and fines being handed down.
It would be hard to argue that there is a changing landscape of healthcare IT. Healthcare organizations of all sizes are waking up and realizing that owning patient information means assuming the responsibility of protecting the information. And owning responsibility carries financial risks if not done correctly. Will this new landscape change the tide and reverse the ever increasing amount of patient data breaches? Only time will tell. But make no mistake, the attitudes and lax security practices of the past will carry significant risks to healthcare organizations.