New healthcare IT compliance service protects electronic medical records

The CIO-level business angle on the latest tech

I've been seeing the same general practice doctor for about 15 years. The last time I saw him, I noticed he carried a tablet PC instead of the usual thick paper-based folder full of my medical records. I commented on the switch to electronic medical records (EMR) and he said, "I was a holdout but my staff forced me into it."

He's not the only doctor to be toting a tablet PC instead of a plain old tablet of paper. The Congressional Budget Office forecasts that 90 percent of doctors and 70 percent of hospitals will be using comprehensive EMR within the next decade. Government stimulus incentives as high as $44,000 per physician are encouraging medical practitioners to adopt EMR technology. The hope is that electronic records will reduce healthcare costs as well as medical errors.

The HITECH Act: What you need to know about new data breach guidelines

The movement toward electronic health records is both encouraging and frightening. On the plus side, I like that my digital health records can easily be shared with other physicians should the need arise. In an emergency, I'd want my attending physician to know as much about me as possible without having to wait for a copy of paper records.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

I've been seeing the same general practice doctor for about 15 years. The last time I saw him, I noticed he carried a tablet PC instead of the usual thick paper-based folder full of my medical records. I commented on the switch to electronic medical records (EMR) and he said, "I was a holdout but my staff forced me into it."

He's not the only doctor to be toting a tablet PC instead of a plain old tablet of paper. The Congressional Budget Office forecasts that 90 percent of doctors and 70 percent of hospitals will be using comprehensive EMR within the next decade. Government stimulus incentives as high as $44,000 per physician are encouraging medical practitioners to adopt EMR technology. The hope is that electronic records will reduce healthcare costs as well as medical errors.

The HITECH Act: What you need to know about new data breach guidelines

The movement toward electronic health records is both encouraging and frightening. On the plus side, I like that my digital health records can easily be shared with other physicians should the need arise. In an emergency, I'd want my attending physician to know as much about me as possible without having to wait for a copy of paper records.

On the down side, however, I'm concerned about the possibility of a data breach. Apparently this concern is warranted. According to market research firm Javelin Strategy & Research, data theft and other fraudulent activities related to the exposure of EMR data more than doubled in 2009. There were more than 275,000 cases of theft of medical information in the United States in 2009. Javelin expects that incidents of fraud will continue to increase as more medical providers increase their use of EMR.

Why are thieves so interested in medical records? They don't really care when you had your last tetanus shot, or that you had bronchitis two years ago. What they are looking for is your Social Security number, addresses, medical insurance information, and credit card or other payment information -- the items that enable identity fraud or insurance scams.

The problems of identity fraud stemming from the breach of medical data can be worse than the loss of other types of sensitive data. For example, it takes twice as long to detect medical information fraud than it does other sources of data fraud, including retail information. This gives thieves a larger window of opportunity to misuse the sensitive information.

While doctors are rushing toward electronic medical records, the Health Information Technology for Economic and Clinical Health Act (HITECH) imposes stringent regulatory requirements under the security and privacy regulations of HIPAA, the Health Insurance Portability and Accountability Act. HITECH sets steep penalties for HIPAA violations due to "willful neglect." In the case of a data breach, careless mistakes can become public and costly and can force a physician out of business in little time.

Recognizing that many doctors' offices don't employ IT security specialists, Fiberlink Communications recently launched a new service aimed specifically at the healthcare market. The MaaS360 Healthcare IT Compliance Service is a fully online service for large and small healthcare organizations to manage the mobile devices that are used to collect and access digital records.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.