In a Wall Street Journal opinion piece, Eric Johnson -- the director of the Center for Digital Strategies at Dartmouth College's Tuck School of Business -- writes that "safeguarding patient information in a digital world" is a significant challenge facing the U.S. health care industry.
Privacy and security issues concerning medical records exist in part because the "health care industry has lagged behind the corporate world in adopting integrated systems that are designed with security in mind and prevent data from being downloaded into portable files," Johnson writes.
In addition, the industry is "fragmented ... with myriad hospitals, physicians, ambulatory health care providers, laboratories, insurers and providers" of billing and collection services "handling sensitive information," according to Johnson.
Johnson suggests four steps for health care organizations to ensure that they are making "proactive investments" in preventing medical data breaches:
- Take inventory to monitor how data are used, stored and transferred;
- Consider who needs access to patients' personal information;
- Use simple, easy-to-use technology and applications for sensitive data; and
- Educate health care providers on security issues and how best to avoid any problems (Johnson, Wall Street Journal, 9/26).