As more health care providers adopt electronic health records, the increase in health data breaches is raising concern among patient privacy advocates and public health officials, Kaiser Health News/Washington Post reports.
Recent Data Breaches
Recent data breaches have occurred at:
Addressing Privacy Concerns
HHS has the authority to issue subpoenas when enforcing HIPAA privacy and security rules, but between enactment of the law in 2003 and late 2011, it has used that power only twice, according to a report the agency provided to Congress. In addition, HHS assessed a monetary penalty only once during that time, the report noted.
Susan McAndrew — deputy director for health information policy at HHS’s Office of Civil Rights — said, “The industry is very interested and responsive to correct the mistakes that they make and improve their privacy policies, so it’s not necessary for us to resort to these types of penalties.”
However, at a November 2011 Senate hearing, HHS was criticized for its lack of enforcement on data breaches. During the following six months, the agency reached settlements on several HIPAA cases that included more than $1.5 million in penalties.
Deven McGraw — director of the Center for Democracy & Technology’s Health Privacy Project — said that prior to the 2011 Senate hearing, HHS had been losing credibility on HIPAA enforcement. McGraw said she is pleased with HHS’ quick response to criticisms.
However, McGraw noted that federal regulators only can mitigate the risks associated with EHRs. She said, “No matter how good you make the technology, we’ll never get the risk down to zero,” adding, “But we can do a lot better than we have been doing” (Schultz, Kaiser Health News/Washington Post, 6/2).
Source: iHealthBeat
Comments are closed.
Copyright 2015 - Pulse Practice Solutions | 615.425.2719