    Insight Article
    Chris Harrop
    It is difficult to quantify all the technological forces putting pressure on the U.S. healthcare system. You’re likely inundated every day with news headlines about blockchain, AI and IoT — that’s artificial intelligence and Internet of things, to the uninitiated — and how each iteration is the next big thing in healthcare.

    And then there are the five dreaded words that flooded our email inboxes in late May: “We’ve updated our privacy policy.” Companies and organizations across all industries responded to the General Data Protection Regulation (GDPR) policies from the European Union that went into effect in May, creating a tsunami wave of updates to legalese that most of us skip over when signing up for a new service in our personal lives.

    Speaking of GDPR, let’s all breathe a sigh of relief that most patient data, regardless of the size or specialty of our organization, stay secured within our borders. Practices serving U.S. patients with data in EHRs that live on hard drives and servers in the United States generally will never have to worry about the GDPR. The vast majority of practices won’t need to worry about GDPR penalties for data breaches up to 4% of revenue or 20 million euros, both of which could make the average penalty for a breach in the U.S. seem relatively paltry.

    As practice leaders, you want to do everything within your power to both protect patient information and empower patients to control their information for better engagement and care outcomes — but to do so, you must acknowledge what this industry is up against in terms of both regulatory compliance and best practices in the health IT (HIT) sphere.

    It’s a safe bet that the most important acronyms you wrangle with in terms of your organization’s HIT are still EHR and HIPAA. Even without the type of policy updates seen from the EU in May, the HIT world moves rapidly enough to force healthcare leaders to regularly rethink how to approach even the most basic technological systems employed in your practice.

    As noted in the July 2018 issue of MGMA Connection magazine, healthcare providers are a very distant second behind insurers when it comes to the sources of reported data breaches. But answering that question of “who” is just the beginning — you must understand how and where lapses in security occur.

    National clearinghouse data points to hacking and theft as the top methods by which reported data breaches occurred over the past eight years. Both of these types of breaches can occur in countless ways, and the methods by which hackers achieve them evolve over time.

    For example, the strains of ransomware that wreaked havoc last year in IT systems — from Nuance Communications to the United Kingdom’s National Health Service — bear little resemblance to the types of malicious software (malware) used in today’s cyberattacks. Even as organizations shore up the weaknesses in their IT infrastructure through patches and other regular updates, cyberattackers are motivated to find new ways to get the information they covet — and health information remains a very lucrative trade for them.

    Confronting this disturbing trend, MGMA has advocated for the U.S. Department of Health and Human Services (HHS) to modify current HIPAA Privacy and Security enforcement policies. As Robert M. Tennant, MA, director, health information technology policy, MGMA Government Affairs, points out in his article, federal authorities should “move away from a culture of ‘blaming the victim’” when it comes to cyberattacks and “to one focused on encouraging transparency and augmented education” that reduces threats to patient records safety with easy-to-comprehend guidelines, best practices and educational resources.

    The ability to shore up some of these foundational aspects of HIT systems will allow healthcare leaders to devote more time and energy to embracing innovative care delivery models that pay off for both patients and the bottom line, such as telehealth services.

    You don’t need to be a programmer to have successful HIT systems that appropriately integrate clinical care and customer service before, during and after a patient visit. What practice leaders should recognize is that as much as technological solutions are intended to break down barriers, they often can create new obstacles without careful consideration.

    Written By

    Chris Harrop

    A veteran journalist, Chris Harrop serves as managing editor of MGMA Connection magazine, MGMA Insights newsletter, MGMA Stat and several other publications across MGMA.
