HIPAA, HIT, & Data Security


It has never been more challenging to keep information private than in the modern age of cloud-based information sharing.  And yet, for some industries to function, information must be kept private and secure at all times.  A good example of this need can be seen in healthcare.  According to a recent Forbes article, over 112 million dollars’ worth of data breaches occurred, including more than 253 large-scale breaches.  Despite directed attempts by IT professionals to secure data, there is still some risk of it being breached.  With this in mind, let’s take a moment to examine HIT, and how it relates to HIPAA and data security.

The Basics

HIT (or Health Information Technology) handles what is referred to as Protected Health Information and is regulated by the Health Insurance Portability and Accountability Act, passed by the US Congress and also known as HIPAA.  HIPAA sets into place guidelines regarding patient information.  Along with requiring that the information be properly controlled, some control is given over to the Department of Human Services (DHS) through the HITECH, or Health Information Technology for Economic and Clinical Health, Act.  DHS has the power to regulate the compliance of hospitals with guidelines regarding the protection of health information.  Proper use of the information is referred to as ‘meaningful use.’  For additional information on HIT, see CCHIT.

Meaningful Use

Eligible professionals within the medical community who demonstrate ‘meaningful use’ when handling protected health information through HIPAA and the DHS can receive certain incentives.  These incentives are designed to push the hospital towards correct policy, ensuring the continued protection of the client data.  There are incentive programs put in place for both Medicare and Medicaid, ensuring that different guidelines are met before the eligible professional receives their incentive.  While simplistic, ‘meaningful use’ has gone some way to helping create standards within the industry regarding use of personal and private medical information.  The end result is a reduced chance of data security breaches.

Fines & Punitive Actions

So, what happens if a hospital experiences a large-scale data hack aimed at pulling out confidential protected health information?  Good question.  First, an investigation is done to find the cause of the breach and to identify what could have been done otherwise to stop it.  The DHS is capable of issuing fines to institutions that are found to be acting below the standards put in place for securing the privacy of patients.  Such fines and other punitive actions are used to ensure that the hospital complies with the regulations, decreasing the risk of data breaches in the future.  If the hospital or other health-related organization is functioning as expected when the attack occurs, then no fines or punitive action may be taken.

The Need For Data Security

Whether it is a result of government regulation or simply a matter of morality in the digital age, keeping data secure has never been more important.  The stakes are even higher when considering the benefits of HIT and how it has helped to revolutionize how doctors and medical staff approach treating patients.  What is required is a systematic re-evaluation of security protocol, better training, and a standardization of how medical records are properly secured.  With HIT helping to do just this, every breach that is recorded acts as a means of figuring out what is wrong in the system.  As the industry continues to improve and HIT becomes standard in practice and understanding across the US, data security issues will hopefully lessen.  Until then, HIT security is one of the most important things for a hospital to invest in today.