CDW says patients' concerns are reasonable. In just a 10-day span before Christmas, three different healthcare providers in three different states lost nearly 9,000 patient records, according to the report. And in a national survey last year, CDW polled 200 physician practices and found that approximately one-third do not have basic anti-virus protection or firewalls in place.
The only other types of personal information that respondents cared more deeply about keeping private and secure than health information were financial information and personal identity information, the survey found.
CDW warns healthcare providers that failing to protect their patient records could hurt their bottom line. The survey found that one out of ten respondents severed their relationship with an organization that compromised their personal information, while 12 percent reduced the amount of business they did with the organization.
The report also reminds healthcare providers of the regulatory penalties they could face if a breach occurs. Under the HITECH Act of 2009, state attorneys general can sue healthcare organizations on behalf of citizens who suffer privacy breaches. Unintentional breaches can cost a business up to $25,000 a year. Businesses that willfully fail to correct these problems can be penalized up to $1.5 million.
To ensure data security, CDW advises healthcare companies to have an IT security assessment done while implementing basic security measures. The report also reminds healthcare providers that IT security isn't a one-and-done deal.
"Though the [electronic health records] transition is a perfect time to initiate tighter IT security controls," CDW notes, "all healthcare organizations need to consider their IT security profiles and should consider conducting an assessment at least once a year."
♦ Graphs courtesy of CDW Healthcare
♦ Thumbnail by southerntabitha/Flickr