Thursday, June 23, 2011

HIPAA & EHR Security -- Can the Answer Be Found in the Cloud?

On a public website, the Department of Health and Human Services maintains an infamous list known as the “wall of shame.” The site publishes the names of facilities responsible for HIPAA violations affecting 500 or more people. But do we truly understand how the violations occur? With so many recent news stories about online security and super-hacker group LulzSec, it is easy to blame digital recording. However, after a closer review of the HHS website information, that simply is not the case.

Most often, violations occur due to physical theft and loss. The statistics provided in a recent Software Advice article state that only 6% of the violations are attributed to hacker activities. Of the remaining incidents, 61% are linked to physical theft and loss. Why is there such a difference between public perception and reality? Part of it is the media; a story about criminal elements breaking into secure servers is more interesting than one in which an otherwise skilled employee misplaces a disc. Another part of it is fear. When the public hears about hackers gathering millions of credit card numbers overnight, they assume that all online data is up for grabs.

Whatever the reason, the facts are clear. The vast majority of HIPAA violations and data loss are due to the mishandling of physical files or equipment. With that in mind, EHR security must continue to evolve and work closely in conjunction with newer technologies that show signs of stronger security for our most sensitive personal information.

Cloud technology could allow these medical records to exist in a purely electronic form. Online banking has been commonplace for years, with hardly a second thought. As Michael Koplov, author of this Software Advice article, succinctly points out, “Just a hunch, but I bet more hackers want my credit card information than my HDL/LDL ratio.” In a comment to Merrill Corp, he goes on to say, “I analyzed this data and found that the HHS has no record of cloud-based EHRs being implicated in these large-scale security breaches.”


Pam Argeris is a thought leader in the healthcare industry and possesses extensive, hands-on experience with CMS compliance and multiple regulatory bodies such as NCQA, JCAHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost-effective manner to improve beneficiary and prospect communications. You can contact Pam at
