While many medical facilities are working to integrate electronic health records (EHRs) smoothly, it is imperative that security remains a top priority. A data breach can cost healthcare organizations heavy fines and be detrimental to creating strong patient-physician relationships. Overcoming those obstacles could also prove to be increasingly difficult.
That is now what Indiana-based health insurer WellPoint faces, after being fined $1.7 million by the the Department of Health and Human Services (HHS). According to Reuters, security weaknesses in WellPoint's online database caused over 600,000 patients to have their personal data exposed. Information including names, telephone numbers, dates of birth, Social Security numbers and financial details were accessible between October 2009 and March 2010.
"As soon as the situation was discovered in 2010, we made information security changes to prevent it from happening again," WellPoint told Reuters in an emailed statement.
Organizations can face fines for HIPAA violations if it is found that they did not do enough to keep patient information protected. As WellPoint did not work toward fixing its online database until after data was exposed, HHS explained that that was why it issued such a heavy fine.
Managing comprehensive information systems is hardly an easy task, which is why healthcare organizations must remain diligent in keeping all staff members educated on new initiatives. The HHS investigation found that WellPoint lacked adequate policies and procedures for individuals to access its online database. By partnering with a hospital consultant who is well-trained in database security can help facilities keep sensitive information protected.
Healthcare IT consulting is necessary not only for care providers to have easier access to patient information, but also to ensure that the data does not fall into the wrong hands.