The concern about security of sensitive information is rightly a sensitive issue. One big breach on the Internet jeopardizes the momentum of the data-fueled healthcare improvement movement.
Indeed, a survey last year by the California HealthCare Foundation showed that the public viewed the computerization of medical records as the most serious threat to medical privacy. "We can't afford to have systems that don't have sufficient protection and integrity," says Shannah Koss, an executive at IBM Global Solutions who is in charge of services relating to the Health Insurance Portability and Accountability Act of 1996.
The industry cannot ignore the positives of computerization in the fight to protect privacy, says Donna Holmes, who leads the HIPAA consulting practice for health plans at First Consulting Group, a Long Beach, Calif.-based healthcare information technology consulting firm. "The biggest risk for security is in-house and has nothing to do with the technology itself."
In fact, technology can do a better job of keeping sensitive records away from prying eyes, she says. With passwords, access controls and the ability to track who has seen what, well-planned information systems can curtail the document-passing that affords fleeting opportunities for unauthorized peeping. "The electronic age is allowing information to be passed throughout an organization without anyone ever seeing a piece of paper," Holmes says.