A recent study by Redspin found that the number of health data breaches in the U.S. increased by 97 percent from 2010 to 2011. Those incidents caused protected health information (PHI) to be compromised in all 50 U.S. states.
While you might have only heard about the breaches that affected hospitals, large healthcare organizations weren’t the only ones being hacked in 2011. 91 percent of small provider organizations surveyed by the Ponemon Institute reported suffering at least one data breach last year.
An Oft-Neglected Concern
Physicians and administrators in private practices understand that the security of patient data is important, but don’t always commit to making security a priority.
According to a report from Kroll, a consulting company, small medical practices are more vulnerable to security breaches because they tend to use less advanced technology than larger provider groups. Hackers are thus targeting smaller practices as “the path of least resistance.”
Managers may think that deploying the tools that would make them less susceptible to a data breach is too expensive an investment. After all, financial constraints are a major reason small practices continue to rely on the outdated technology that makes them so vulnerable.
“Health care providers and supporting organizations don’t currently have sufficient security and privacy budgets, including adequate processes and resources, to protect sensitive patient data,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.
But no matter the state of your finances, there is a security solution that’s right for your practice – and you need to work to find and implement it.
The Cost of a Data Breach
A breach of the PHI housed in your medical office can result in fines, lawsuits, patient defections and harm to your practice’s reputation. As a small practice, recovering from the consequences of a data breach could prove insurmountable.
Unfortunately, there are no one-size-fits-all cure to make your practice’s data more secure. Finding the right security solution requires that you know your needs as an organization and delineate the “at risk” value of your practice’s PHI.
A new resource from the American National Standards Institute (ANSI), “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security,” can help you do that.
The report – free to healthcare organizations – provides administrators and others with “information to help them better understand the potential risks and liabilities resulting from data breaches.” It presents a “PHI Value Estimator” method, which can be used to estimate the costs your practice would incur were it to suffer a breach.
The report is designed to help administrators determine the right level of investment to put into enhancing their data protection measures.
A Solvable Problem
Your security needs will be dependent on the size of your organization’s patient base, your staffing levels and your technology system, among other factors. If yours is one of those more vulnerable practices relying on outdated technology, upgrading to a new system could greatly enhance the security of your data.
If you’re highly concerned with keeping the costs of a technology update to a minimum, consider a deploying web-based, “cloud” solution. Not only do cloud-based systems encrypt data upon receipt and store it securely online (leaving no hardware to steal) they’re usually more affordable than traditional client-server software. Those benefits make them a popular solution for small physician practices.
Health IT is an industry that’s growing more and more accommodating to medical establishments of all sizes, having finally recognized that what’s right for a 400-bed hospital may not be right for a two-doctor clinic. That’s why the time is right for your practice to seek out, find and utilize a security solution that’s the right fit for your needs.
How did your practice find the right level of investment for your data security?
