Healthcare It Security & Hipaa Guidelines (Hba Discussion)


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Healthcare It Security & Hipaa Guidelines (Hba Discussion)

  1. 1. Healthcare IT security- is this the first real test? Healthcare IT Security... Hackers Demand $10 Million Ransom for Health Data Washington Post - May 05, 2009 Hackers are trying to extort $10 million after breaking into a Virginia state Web site used to track prescription drug abuse and allegedly holding the data hostage. Comments (1) 1. Rachel Phillips Founder/CEO at Medrok, Inc. The healthcare industry has been held "hostage" by their fear of exposing patient information, reluctant and intimidated by valuable technological advances such as on-line communications that would save our floundering system billions. When HIPAA regulations were put in place with criminal punishments for exposing personal patient information, healthcare providers and insurers became nearly paralyzed by the scope of these regulations and the somewhat vague laws which were open to "loose and misguided” interpretation. As a medical case manager, I called a skilled nursing home to find an available lower cost bed for a hospital patient and the skilled nursing facilities admission dept. told me that they could not give out their available beds due to HIPAA regulations!!!??? Most certainly, HIPAA guidelines did not include revealing vacant beds. Yet, I would sign in through security to see hospital patients and was required to stand behind a taped red line which was only several feet from the desk. As I waited in line, the visitors were very audibly giving the security guard the patient’s full name, at times even mentioning why the patient was there. It was as if they thought all sound was stopped at that taped boundary. When I mentioned this to the security guard and that perhaps visitors should write down the information, he showed absolutely no interest in my observations. When I was working in the ICU and bathing a patient behind her bedside curtain, a family came in through the unlocked ICU doors looking for their family member, wandering around the unit and actually pulled the curtain back observing my patient’s exposed state.. I informed the Director of Nursing about putting a lock on the doors and it was as if she thought exposing paper information was more important than exposing a patient's body to strangers.
  2. 2. Bottom line: HIPAA regulations require healthcare providers to protect health information and guard the privacy of patients with constant vigilance For negligence or willful violations, perpetrators will be prosecuted to the fullest extent of the laws. Our healthcare system can no longer afford to be crippled by the threat of hackers and criminals, reluctant and refusing to utilize available cost- saving technology. In fact, available technology affords better security than paper, faxing and phone calls. Fingerprint identification, encryption, "shelving" or in- activating information until it is needed, cataloging patient records on micro-chips are all higher level security measures than a "taped" line on the floor. As long as we use careful and APPROPRIATE watchfulness to protect patient information, we will meet and exceed the purpose of HIPAA laws. And lastly, there are regulations about the unlawful recipients of protected patient health information and how they might use that information for financial gain. If a hacker obtains healthcare records and has no one to “sell” them to, there will be no point for their criminal endeavors.