Unhealthy: 2011 Saw Surge In HIPAA Compliance Issues

From an article posted online on Forbes.com

By: Alex Blau

It’s one of the less pleasant healthcare trends of 2011: information is becoming less secure while enforcement is growing more stringent.

According to a recent Ponemon research study, data breaches alone have risen by 32%. Ninety-two percent of all healthcare institutions report they’ve experienced one in the past two years, and each such incident costs an average of $2.2 million. At the same time, the Department of Health and Human Services recently began conducting formal audits of HIPAA compliance, with the accompanying risk of civil and even criminal penalties. The Joint Commission on Accreditation of Healthcare Organizations has announced a “ban” on physician texting, stating that SMS is not an acceptable method of communicating patient information.

In step with these developments, 2011 was a banner year for HIPAA crackdowns. Over the past months, we’ve seen an increasing number of high-profile individual and institutional violations, each of which has brought growing public and government attention to the issue. Here is just a sampling of the stories that made headlines:

  • February: Massachusetts General Hospital was ordered to pay a $1 million federal fine after a hospital employee left patient medical records on a subway train.
  • April: A Rhode Island physician was fired, fined and officially reprimanded by the state licensing board for posting about a patient online, despite not including patient identifying information.
  • July: UCLA agreed to pay an $865,000 fine to settle possible privacy violations involving improper disclosure of medical records.
  • August: A Detroit nurse lost her job after posting about (but not naming) a patient on Facebook.
  • September: Stanford University was hit with a $20 million lawsuit over a data breach that exposed the names and diagnoses of 20,000 patients online.
  • October: Two class action lawsuits were brought against Sutter Health following the theft of a desktop computer that contained information affecting over four million patients.

In short, we’re seeing an urgent need for HIPAA-secure messaging. Fax and pager technology have been the staples of safe physician communication for decades, but they are also clunky, inconvenient and feature-poor. Moreover, they’re increasingly outmoded. Some enterprise solutions have cropped up, but are so far limited by dedicated hardware requirements, costly and cumbersome implementations, and a restricted ability to communicate across institutional boundaries.

As physicians, we are in dire need of a secure, fast, and convenient way to discuss and coordinate patient care. Here’s to making password-protected, end-to-end encrypted HIPAA-secure communication services a key part of healthcare in 2012.