The adoption of digital patient records, increased regulation, provider consolidation and the increasing need for information exchange between patients, providers and payors all point towards the need for better information security, according to an article published in this month's International Journal of Internet and Enterprise Management.
“Without it, patient privacy could be seriously compromised at great cost to individuals and to the standing of the healthcare industry,” wrote Ajit Appari, PhD, research fellow at the Glassmeyer/McNamee Center for Digital Strategies at Dartmouth College’s Tuck School of Business, and M. Eric Johnson, director of the center.
Information security and privacy in the healthcare sector is an issue of growing importance, but much remains to be done to address the various issues raised by healthcare consumers regarding privacy and security and the providers' perspective of regulatory compliance, according to the researchers.
Anecdotal evidence from recent years suggests that a lack of adequate security measures has resulted in numerous data breaches, leaving patients exposed to economic threats, mental anguish and possible social stigma, the team explained. According to the researchers, 75 percent of patients are concerned about health websites sharing information without their permission.
“This patient perception may have been fueled by the fact that medical data disclosures are the second highest reported data security breach,” stated the authors.
Appari and Johnson surveyed the research literature in the area of information security and privacy in healthcare as well as information from related disciplines including health informatics, public health, law, medicine, the trade press and industry reports to determine that many issues remain to be addressed.
"Healthcare information systems are largely viewed as the single most important factor in improving U.S. healthcare quality and reducing related costs," the researchers said. "According to a recent RAND study, the U.S. could potentially save $81 billion each year by switching to a universal EHR system."
Government initiatives have pushed for wide-scale adoption of universal EHR by 2014, but IT spending in the healthcare sector is lagging behind many other industries leaving holes in security that must be plugged, according to the authors.
"We believe that the increasing importance of information security and the need for managerial insights to these problems offer an exceptional opportunity for debate and cross fertilization within the information systems research community,” concluded the authors. “Certainly, there is a substantial need for new ideas that could guide practitioners through this time of change within the industry.”
Click here to read CMIO's recent interview with Johnson about ways that healthcare organizations can avoid data breaches.