This series has explored what happens to ePHI when it’s stolen and why is it valuable to cyber criminals. In this third installment we’ll look at why ePHI is vulnerable.
Why is ePHI So Vulnerable?
In response to increasing threats to patient health data and poor security, the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted in 2009. The act provided a $27 billion incentive to encourage health providers to switch from paper medical records to electronic files.
The results have been disappointing. Many healthcare organizations were slow to adopt electronic files because of struggles connecting different technologies. These disparate technologies need to work together so electronic health records (EHRs) are available to the appropriate staff.
President Obama was interviewed by Vox’s Ezra Klein and Sarah Kliff on January 6, 2017 and explained this lack of interoperability was something he and his administration didn’t expect:
“We put a big slug of money to encouraging everyone to digitalize and catch up with the rest of the world here. And it’s proven to be harder than we expected, partly because everyone has different systems, they don’t all talk to each other, it requires retraining people in how to use them effectively, and I’m optimistic that over time it’s inevitable it’s going to get better because every other part of our lives, it’s become paperless.
“But it’s a lot slower than I would have expected; some of it has to do with the fact that it’s decentralized and everyone has different systems. In some cases, you have economic incentives against making the system better; you have service providers — people make money on keeping people’s medical records — so making it easier for everyone to access medical records means that there’s some folks who could lose business. And that’s turned out to be more complicated than I expected.”
As a result, hospitals and clinics have been operating, at least in part, with outdated technology, exposing them to the dangers of cyber-attacks.
Read Part 4 of Why Hackers are Targeting ePHI More Than Credit Cards - Are Paper Medical Records Better?