How secure is your healthcare information? That’s a question a lot of people have been asking as more and more patient data is being stored electronically—and as more and more health insurers who manage patient records have seen their information systems attacked.
Massive amounts of confidential data—patient records as well as in some cases associated financial information—have been stolen. One industry assessment noted that reported breaches for 2015 add up to more than 112 million stolen medical and healthcare records. Equally startling might be the fact that medical and healthcare accounted for two-thirds of all stolen records in 2015.
Indiana isn’t immune from healthcare data breaches. In 2015, nine incidents were reported, up from five the year before. More troubling is the amount of records affected by those breaches: In 2014, only 69,000 records were involved; last year, that number jumped to 4.3 million. The huge increase reflects, in part, the increased capability of hackers. But it’s also a function of the continuing migration of more and more patient information into larger and larger information systems.
When records were stored on paper, they were difficult to access and cumbersome to copy or steal in quantity. Digitized records that are fully accessible online are a great advance in patient care. They allow all healthcare professionals quick access to the same information, improving diagnosis and quality of care while at the same time reducing some risks, such as dangerous medical interactions when physicians are unaware of existing prescriptions.
But these gains have come with a price. Once someone gains illicit access to the system, it can be much easier to take records and large amounts of records. The theft of more than 78 million patient records at Indianapolis-based Anthem was, in fact, the largest single United States cybersecurity breach reported in 2015.
There are two items that can be considered good news when it comes to healthcare information security. One is that as part of HIPAA, a law that covers electronic medical records confidentiality and accessibility, misuse of medical information is a crime. HIPAA penalties, including fines and potential jail time, were increased a few years ago, and prosecutions are up.
The other good news is that organizations who hold large amounts of medical data, such as insurers and hospitals, have become aware of how vulnerable they are. It is now a priority for many of these institutions to dramatically improve data security. In addition to their clients’ data, their reputations and corporate stability are now on the line: Moody’s is now including the risk of cybercrime in its bond rating calculations.
Patients should always be responsible as well: Never share medical data except with appropriate professionals, and safeguard important information such as credit card data and your social security number.
If you or a loved one have been injured as a result of medical malpractice, contact the attorneys of Wilson Kehoe Winingham. An experienced Indianapolis medical malpractice lawyer at WKW can help you get the compensation you deserve. Call 317.920.6400 or fill out an online contact form for a free, no-obligation case evaluation.
Let WKW put our experience to work for you. Contact us for your free case evaluation.