HIMSS Study Reveals PHI Breaches Are On The Rise

Posted by Frank J. Rosello

A recent study from HIMSS Analytics and Kroll Advisory Solutions found that medical organizations are far behind with respect to having sound privacy protections in place. The study, along with data from the Office for Civil Rights (OCR), the department within the U.S. Department of Health and Human Services (HHS) responsible for enforcing the HIPAA Privacy and Security Rules, shows that over the last few years protected health information (PHI) breaches have been increasing at an alarming rate.

Brian Lapidus, Senior Vice President for Kroll Advisory Solutions, is quoted in the article linked below as saying, “But feeling like one is in adherence with policy prescriptions is not the same as actually protecting personal health information (PHI).”

At Environmental Intelligence, we could not agree more. There is much more to effectively securing an enterprise network against the risk of PHI breaches than simply deploying a security architecture.

See: Five Best Practices For Medical Organizations To Protect Against PHI Breaches

Here are a few more quotes from Mr. Lapidus in the article linked below:

“Bottom line, organizations have to figure out how they’ll respond to myriad security threats, on many different fronts.”

“Health providers have a lot coming at them.” “They’ve got meaningful use, they’ve got EHR implementations, they’ve got HIPAA requirements” – to say nothing of their normal, day-to-day business of caring for patients.

“I wouldn’t be so quick to give a pass because people are busy,” he says. “Then that could be the universal excuse for everything. There is a responsibility for these organizations to protect patient data.”

Mr. Lapidus is spot on with his comments. The real question is: how can medical organizations effectively mitigate the risks of PHI breaches?

An effective way for medical organizations to manage the responsibility of protecting patients’ data is to partner with an outside Health IT firm that can support the staff in the development, implementation, and monitoring of a comprehensive data security strategy, policy, and routines. Organizations that choose to partner with an outside firm with data security expertise gain an unbiased view of their internal systems and processes. This line of sight provides medical organizations with the real-time information necessary to effectively identify vulnerabilities and mitigate security threats to patients’ PHI. This is far more effective than the check-the-box solutions that internal IT teams tend to develop when they look at security strategy.

The reality is that clinicians and administrative teams are busy focusing on their number one priority: providing the absolute best care to their patients. We believe that’s the way it should be.

The HIMSS Analytics / Kroll Advisory Solutions study article, which contains the link to the study report, can be found here: Breaches epidemic despite efforts at compliance, says Kroll

Frank J. Rosello is CEO & Co-Founder of Environmental Intelligence LLC.

Environmental Intelligence, LLC, is a complete, full-service healthcare IT solution provider. With a team having more than 10 years of proven clinical expertise in delivering end-to-end health IT solutions, Environmental Intelligence provides medical practices and facilities onsite expert IT consulting, installation, and implementation that is focused on physicians, their patients, and the quality of their care.

Contact us to learn more about our Physician Focused – Patient Driven® approach to Health IT.





