In recent years—and especially surrounding the launch of the Affordable Care Act (ACA) and Healthcare.gov—the healthcare industry has focused more and more on compliance (some would even argue that compliance has taken precedence over patient care). Yet many healthcare professionals are still unaware of what is and is not within the boundaries of regulatory requirements.
What does the Health Insurance Portability and Accountability Act (HIPAA) actually say? Do its requirements apply to your organization? While these may be somewhat easy questions for IT professionals, surprisingly, many frontline workers can't answer them. General awareness around information security isn’t much better, either.
The more important question to ponder: Has your IT staff created an environment that caters to information security, compliance, and patient care?
Security and compliance vs. productivity and care
Despite a glaring lack of general awareness, the core issues that hamper security and compliance initiatives run much deeper than a lack of education.
The real problem lies with healthcare IT departments, which often make it incredibly difficult—if not impossible—for providers to deliver fast and efficient care in a secure, compliant manner. Often, IT policies and technology become a roadblock, forcing doctors and nurses to make a pretty tough decision: bypass IT policies to deliver care faster and more efficiently, or work within the boundaries of security and compliance but risk delaying patient care. For most care providers, the choice is an easy one: Providing quick, high-quality care wins every single time.
Of course, it’s hard to argue that prioritizing patient care is wrong, but in doing so, many healthcare professionals are turning to insecure, third-party tools to get the job done. While this can speed up day-to-day work, it puts confidential patient information at risk, and represents a major breach in compliance.
Cost of breaches, compliance rise
According to the Ponemon Institute’s “2013 Cost of a Data Breach Study,” 94 percent of surveyed healthcare organizations had experienced a data breach within the past two years. In the first quarter of 2013 alone, more than 875,000 records were exposed via breaches. The study also shows that the cost of data breaches is on the rise—up to a potential $1.5 million per record lost after the HIPAA Omnibus rule went into effect this September.
Bridging the gap between IT and health professionals is an absolute necessity to keep security breaches to a minimum. Here are five ways IT can better collaborate with care providers to eliminate data breaches and prioritize patient security.
1. Walk in your colleagues’ shoes
Expectations around information sharing have transformed dramatically in the past couple of years. Are your IT policies and file-sharing technologies evolving with them?
Doctors, nurses, and other healthcare professionals are under immense pressure to deliver top-notch service to more people than they can typically handle. When the technology at their disposal isn’t user-friendly, the overbearing strain on their time forces them to choose the path of least resistance, which often means forgoing established patient security protocols for more convenient and familiar options, including insecure, personal email, mobile devices, and third-party sites like Dropbox. This is especially true when contacting patients while working remotely at home or on the road.
IT cannot (and should not) prevent health professionals from providing excellent, around-the-clock care, but it is IT's responsibility to ensure the privacy of every patient under all circumstances. Most third-party tools present major risks, but can you really blame your employees for using them if you’re not providing them with a better means to move and access information?