We all have our secrets. Some we would share, and some we place under lock and key, and it is usually with only our closest ally that we disclose those precious details in hopes of preserving our reputations and even our lives. Notice I don’t say ‘friends,’ because while I have some wonderful friends, some of them can’t keep a secret to save their own lives much less mine.
Wisdom breeds privacy when it comes to our life data. And though our emotions might be worn on our sleeves, it is only the fool who is loose with his social security number. But this is just one piece of data we would like to keep under lock and key, and it is why I cringe when a company asks for it. The more companies that ask, the more opportunities there are to get hacked, so we want to make sure that those who carry such secrets are keeping them in a very tightly locked vault. That is security.
Soon our Health-I.D., standardized or not, will also be on the line along with any other information on our EHR (electronic health record), which is now being mandated by the federal government and coming to a Health Organization near you.
Know this. Though identity theft is really bad and can plague us for weeks or years, it is nothing compared to the inconvenience of having one’s EHR stolen. Imagine going in for a medical procedure 10 years from now and being turned down because someone else has had the same procedure under your identity, or having your insurance rates increase because you are carrying a cancer diagnosis belonging to someone else. Not to mention that once you’ve been hacked, chances are slight that you will ever resurrect your healthy status with your insurance company back to what it was.
The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. Health organizations are now exiting the culture of compliance and entering the culture of prosecution when they fail in keeping your information safe. At the moment, over 70% of all health organizations are not yet compliant…and probably won’t be until punitive action occurs, but this is one area where an ounce of prevention is worth a pound of cure.
Now this brings up a few questions that you probably want to ask your local healthcare provider: With whom do they share, what vendors have they chosen to partner with in sharing details of your life (privacy), and what measures have those partners taken to secure that information (security)? How hackable are the heart monitors and insulin pumps, now loaded with memory chips that contain your identity? The answer to that one is quick: very. And do the screenshots that contain your Health-I.D. in the Radiology lab sit on the administrator’s desktop because he is too lazy to use a more secure procedure?
This carelessness is costly to you as well as to the hospital. For every dollar a hospital loses in fixing the problem, it needs to earn $40 to recover. If it costs $1,000,000 to repair a breach, that is $40,000,000 they need in revenue to compensate. So where does that money come from? Unfortunately, it’s the customer, either through insurance rates or the cost of health care.
I groan when I am required to sign HIPAA forms at the doctor’s office, but if it is one step closer to resolving the issue then it is only a minor inconvenience. Still, it is up to your health organization to take this seriously by becoming compliant now. Those hospitals that have already been breached are now 4 times more secure than the average corporation. Why? Because it was extremely costly and they never, ever want to see that happen again.
As more and more vendors begin carrying data that is so crucial to you, it is important to know the difference between privacy and security. And if you are one such vendor, it may be good to remember that you hold the lives of many in your hands.