The U.S. healthcare system faces an "untenable situation" as less than half of the country's providers and practitioners use electronic health information systems but there exists an "epidemic" of electronic privacy breaches, according to a member of the team that produced The Financial Impact of Breached Protected Health Information, a report from the American National Standards Institute.
Health IT lawyer decries 'epidemic' of privacy breaches
"We have a healthcare delivery system right now that we cannot afford—there is going to be no new money coming into it in the foreseeable future, so we have downward pressure on healthcare spending at the very time when we have upward pressure on privacy breaches," said James Pyles, a principal at Washington law firm Powers Pyles Sutter & Verville and former general counsel at the U.S. Health, Education and Welfare Department, an HHS predecessor. "Those are two forces on a collision course. So what we hope with this report … is that we would help those involved in security make the case in the boardroom that it is a whole lot cheaper to avoid a privacy breach or privacy violation than it is to react to one."
Pyles said cases surrounding healthcare security generally settle for about $20 million and that "almost every privacy breach is now followed by a class-action lawsuit."
Meanwhile, Larry Clinton, president and CEO of the Internet Security Alliance—a trade association whose members include insurers and federal IT contractors—said it's important that hospitals and health systems see data breaches as "an enterprisewide issue" rather than solely an IT issue. Clinton contributed to the report and has advocated for establishing enterprise committees devoted to data breaches.
"People are the biggest problem,” Clinton said, following a panel discussion about the report. "That's a human-resource management issue, not an IT issue. So when you adopt this broader model that we're anticipating and advocating for, we think there will be broader support for funding within the organization."
Clinton also said he doesn't anticipate there will be any data-breach legislation included in the comprehensive cybersecurity bills floating on Capitol Hill this year. "And the comprehensive bills seem to be having a hard time getting through also," Clinton said, referring to bills by Sens. Susan Collins (R-Maine) and Joseph Lieberman (I-Conn.), and another by John McCain (R-Ariz.).
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.