As the use of electronic health records becomes more widespread, the likelihood of health data breaches also could increase, the New York Times reports.
The number of reported health data breaches has increased by 32% from last year, according to a recent Ponemon Institute report. Last year, medical data breaches cost the industry about $6.5 billion, according to the report.
Micky Tripathi -- who runs the not-for-profit Massachusetts eHealth Collaborative, which had a health data breach last spring -- said such breaches will "be one of the big challenges as more physicians and hospitals adopt EHRs."
Legal Responsibility for Health Data Breaches
The rise in medical data breaches raises questions about who is responsible for security issues, according to the Times.
In the Massachusetts eHealth Collaborative example, federal law viewed the organization as a contractor acting on behalf of health care providers. Legal responsibility for protecting patient data fell on the hospitals and physicians who let the organization use their files (Perlroth, New York Times, 12/18).
Government Response
Leon Rodriguez -- director of HHS' Office of Civil Rights -- said that EHRs must be secure to serve their purpose.
He said OCR will boost enforcement of HIPAA rules in an effort to drive public acceptance of EHRs.
Congress gave OCR the power to regulate business associates last year, but the rules still are being written. Business associates contract with health care providers for billing and other administrative services that deal with patient data. Rodriguez said he hopes the rules related to business associates will soon be finalized (Conaboy, "White Coat Notes," Boston Globe, 12/14).