Technology continues to make information more readily available to a larger group of people than ever before. Yet even as the latest technological advances bring a greater wealth of opportunities for sharing and distributing knowledge, each advance also increases the risk that sensitive data will land in the wrong hands. The more sensitive the data, the greater the risk—and few industries handle a larger volume of sensitive data than the healthcare industry.
Passed by Congress in February 2009, the American Recovery and Reinvestment Act (ARRA) was designed to jumpstart the nation’s economy by boosting investment in the health sector. Key provisions of the legislation included as much as $27 billion to support the adoption of Electronic Health Records (EHRs) among U.S. healthcare providers by 2012, with financial incentives for those who did and penalties for those who did not. One year later, Congress followed up ARRA with the Patient Protection and Affordable Care Act (PPACA), which required healthcare providers to share patient data via information exchanges.
For many healthcare organizations, EHR implementation is now complete. “Meaningful use” is now the challenge at hand. The simple fact is that a significant number of U.S. health providers remain unprepared for the real privacy and security challenges to come, and healthcare security is among the worst of all industries.
This report looks at the challenges and requirements of protecting confidential patient data online, the risk of security breaches in the world of EHR, and the measures that healthcare organizations must take in order to achieve and maintain compliance.