One Year Later: Why Hasn’t Data Security Improved?

It has been almost a full year since we last wrote about a major breach in hospital patient data, but that doesn’t mean these events haven’t been happening. From 2010 to 2011, data breaches in the health industry increased by 32%, and analysts predict that number will increase again this year.

Another recent breach has been making headlines this week, and this case contains some very familiar elements.

A Boston Children’s Hospital employee apparently misplaced a company laptop while attending a conference in Buenos Aires. The laptop contained sensitive information on over 2,100 patients. Boston Children’s immediately contacted the families involved, and released an official announcement about the breach.

Two major facts stand out in the case, and they are points we have mentioned in the past.

1. The data was lost due to human error, not cyber crime.

2. Data on the laptop was not encrypted, but was protected only by a simple log-in password.

These are the same problems that have been plaguing health data security for the better part of a decade. Poorly trained employees and lax security leading to another easily-avoidable breach. Despite the efforts of CMS and HIPAA, nothing seems to make a dent in curbing these mistakes.

What do you think it will take to put an end to this kind of data breach? Are larger fines necessary? Is it simply a matter of internal training and structure?

Tell us your opinions in the comments below, and we’ll share your solutions in an upcoming response post!

-------------------------------------------------------------------------------------------

Pam Argeris is a thought leader in the Healthcare Industry and possesses extensive, hands-on experience with CMS compliance, and multiple regulatory bodies such as NCQA, JACHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost effective manner to improve beneficiary and prospect communications. You can contact Pam at Pamela.Argeris@merrillcorp.com.

Hospitals Next Year May Be Run More Like Airlines

For anyone who has flown in the past few years, the idea of applying airline regulations to…well, anything, may seem like a horrifying prospect. However, that very idea is now taking shape among some medical industry experts. Agencies in charge of patient safety and medical spending are looking to take a page from the National Transportation Safety Board (NTSB) in the form of “Blue Sheet Reports.”

In the aviation industry, when an accident occurs, the NTSB performs rigorous, in-depth investigations to the cause and results of, and possible ways to avoid, that accident. These investigative reports usually end up causing changes within the industry, both on the ground and in the air. The end result being fewer accidents, better prevention, and improved responses.

Agencies, like the Texas Medical Institute of Technology, want to apply this report format to the medical industry. They believe that these investigations would lead to fewer patient injuries and less wasted medical spending. American Medical News took a look at the recently-published article in the Journal of Patient Safety that outlined this new initiative.

The proposal is the latest iteration of a decade-long push for medicine to imitate the safety success achieved by commercial aviation, which slashed the risk of death in a crash from 1 in 2 million in the 1970s to 1 in 10 million today.

The NTSB’s so-called blue-cover reports of accidents often lead to direct changes in federal regulations, airline policies and in the cockpit, said Capt. Chesley B. “Sully” Sullenberger III. The pilot became a national hero when he successfully landed US Airways Flight 1549 in New York’s Hudson River in January 2009 after it was struck by a flock of geese that disabled the plane’s engines. All 155 people on board survived the accident.

Opponents to the possible change believe that the entire enterprise is redundant, and that today’s medical industry standards are more than capable of meeting the needs of patient safety.

What do you think? Are hospital patients at risk? Are in-depth investigations really necessary to bring about change, or can the industry police itself?

-------------------------------------------------------------------------------------------

Pam Argeris is a thought leader in the Healthcare Industry and possesses extensive, hands-on experience with CMS compliance, and multiple regulatory bodies such as NCQA, JACHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost effective manner to improve beneficiary and prospect communications. You can contact Pam at Pamela.Argeris@merrillcorp.com.

CMS Initiative Releases to Mixed Reviews

According to data from a recent CMS inquiry, nearly a third of the US Government’s $2.6 Trillion debt could be related to excessive medical spending in the nation’s hospitals. The data came to light during the first steps of CMS’s Medicare Spending Per Beneficiary (MSPB) Measure, which will provide financial incentives to hospitals with efficient, patient-oriented care. We first wrote about this CMS initiative in August of 2011.

Now, CMS has set October 2014 as the hard start for MSPB. Supporters believe that the measure will bring about positive changes to the ailing Medicare program, allowing the nation’s largest insurance provider the opportunity to save on some of the exorbitant spending of the past.

Others are less enthusiastic.

UCLA Health System’s Dr. Tom Rosenthal told Kaiser Health News, “I wouldn't take any of these cost measures to the bank…I think we need to know a lot more before we start publishing lists of hospitals and doctors and declaring who is most efficient.” Dr. Rosenthal is referring to CMS’s quiet roll out of the Hospital Compare website, which lists nationwide hospitals, and their MSPB score. Rosenthal, and many other opponents, feel that other factors – such as the well-known regional spending and health care usage discrepancies – could paint an inaccurate picture.

There is still plenty of time between today and 2014’s October roll out, but most experts agree that CMS’s first steps have been successful, even if a little imperfect.

-------------------------------------------------------------------------------------------

Pam Argeris is a thought leader in the Healthcare Industry and possesses extensive, hands-on experience with CMS compliance, and multiple regulatory bodies such as NCQA, JACHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost effective manner to improve beneficiary and prospect communications. You can contact Pam at Pamela.Argeris@merrillcorp.com.

New HIPPA Regulations: What You Should Know

Understanding new HIPPA regulations is a critical challenge for every institution. But with the help of instructional guides and white papers, understanding can come a little easier.

This best practices guide explores ways in which your health care facility can employ the most effective compliance strategies, ensuring not only HIPAA compliance, but secure patient information.

Click to view the PDF