Every month, we compile the most compelling healthcare privacy and security related news stories. Below, you’ll learn about COVID-19 privacy and security concerns with re-opening businesses, how machine learning can shift volume-based care to value based-care, and more.
When it comes to healthcare data breaches, the culprit can oftentimes be identified as a careless employee. Research from the past ten years shows that insiders were responsible for a majority of the breaches at healthcare organizations — and that most of those breaches were accidental.
Of the almost 1,500 healthcare data breaches analyzed in a recent study, sloppy behavior by employees accounted for a shocking 25%. Taking a closer look, the most common cases of employee negligence were simple mailing mistakes such as, sending sensitive letters to the wrong recipients, printing Social Security numbers on mailing labels, or making confidential information visible through envelope windows. These are the type of errors that can be easily avoided with basic training for employees around best practices.
In the same survey, many data breaches could also be attributed to unauthorized access or employees taking health information home. These actions could be better addressed if healthcare providers had stronger internal controls in place and their employees followed the right protocols.
Read the full article to learn more about how to avoid common mistakes and mitigate internal risks posed by employees.
Serving over three million people in New York who largely depend on Medicaid and Medicare, Montefiore Medical Center uses predictive analytics to provide “whole-person care,” according to Vanessa Guzman, former Associate Vice President of Quality and Network Management at Montefiore.
The analytics tool evaluates claims, EHR, and self-reported data to scan for patient risks and allows the health system’s emergency department to screen patients from the point of care, flagging them in Epic, and designing a discharge plan that potentially involves other community-based providers. By using this technology, the numbers of preventable re-admissions to the emergency department have reduced.
“Technology alignment is the key,” Guzman said. “It’s important that there is centralization and governance around the selection … that we pull together to service our patients. We have to prioritize our process.”
Businesses are re-opening, which raises questions on privacy and security considerations for collecting COVID-19-related health data from employees, customers, and more. In this Healthcare Info Security interview, privacy attorney Iliana Peters of Polsinelli discusses:
- Common misconceptions regarding collecting health data by non-healthcare industry businesses
- How HIPAA and other laws apply to the collection and use of health data
- Top privacy and security challenges during the COVID-19 crisis
“You want to make sure you’re maintaining that information in the appropriate way according to state or federal law – and in a secure way.” – Iliana Peters, Shareholder at Polsinelli
As healthcare organizations increasingly leverage the cloud for clinical, operations, and storage use, the industry at large becomes more data driven. With the abundance of unstructured health data that is stored in the cloud, automation can be used to gain insights and support the shift from volume-based care to value-based care.
“There is a huge shift from volume to value-based care: 54% of hospital CEOs see the transition from volume to value as their biggest financial challenge, and two-thirds of the IT budget goes toward keeping the lights on,” said Arun Ravi, senior product leader at Amazon Web Services.
“Machine learning has this really interesting role to play where we’re not necessarily looking to replace the workflows,” he continued, “but give essentially a superpower to people in healthcare and allow them to do their jobs a lot more efficiently.”
For more information on how machine learning can be used to leverage unstructured data, read the full Healthcare IT News article.
Both patients and healthcare providers want to maintain the privacy and security of protected health data (PHI). But the need for interoperability – when healthcare data is exchanged between systems – as well as the constantly changing landscape of data sharing, can be a roadblock to maintaining patient privacy.
To address this challenge, Healthcare IT News gathered two experts – Helen Oscislawski, Healthcare Attorney at Attorneys at Oscislawski LLC, and Gerry Blass, President and CEO of ComplyAssistant – for a Q&A designed to help CIOs and CISOs navigate how to maintain data confidentiality as it is shared between providers.
“The best way that CIOs and CISOs can balance HIPAA with the interoperability and information-blocking rules is to truly understand the requirements and restrictions of each. Too often I hear misinformation or misunderstandings about how certain provisions of HIPAA are defined or applied. The same is true for the interoperability and information-blocking rules. The key is to get educated on an accurate reading of what the rules actually say, or don’t say.” – Helen Oscislawski, Healthcare Attorney at Attorneys at Oscislawski LLC
A year ago, in the aftermath of Facebook receiving a $5 billion fine for privacy violations along with British Airways and Marriott’s massive fines by the U.K. Information Commissioner’s Office, information privacy seemed to be at its peak. But as the impact of COVID-19 grew, data privacy has become front and center once again.
From employees moving to remote work to HIPAA telehealth enforcement changes, and tracing apps, concerns about privacy have grown exponentially in 2020. To meet the needs of privacy professionals, IAPP has partnered with EY for the “IAPP-EY COVID-19 Privacy and Trust Research Project.” Over the next few months, IAPP and EY will follow and document privacy issues surrounding COVID-19 and beyond.
For more details, read the full IAPP article.
As the spread of the coronavirus is mapped, some organizations are becoming bogged down by manual processes.
The goal of mapping the spread of COVID-19 is to empower health researchers to better understand how the virus is moving in the hopes that it can be prevented from impacting more people. But the manual and paper-based efforts to collect data may miss key information that flags surges of the infection to researchers. For example, EHR data is not included in the collected information.
“Every hospital I know is calculating this by hand, manually entering it into spreadsheets and sharing them with the federal, state and regional health agencies. Copies of spreadsheets are flying hither and thither.” – Aneesh Chopra, President of CareJourney and former Chief Technology Officer for the U.S. during the Obama administration
For more details on these processes to collect COVID-19 data and initiatives to automate them, read the full Healthcare IT News article.