The deadline to enrol for coverage in 2014 under the new Affordable Care Act, ("Obamacare") is March 31, 2014. More than 6 million Americans have signed up for coverage through the new Health Insurance Marketplaces since October 1st. Also on the horizon is the American Recovery and Reinvestment Act of 2009, which requires that healthcare providers switch over to electronic medical records (ePHI) by 2015 on penalty of lost Federal funds.
From a data security perspective, these changes are important. The opening of new exchanges of healthcare information, and the conversion to electronic records, present significant data security risks for healthcare organizations.
According to a recent survey conducted by Ponemon, 70% of healthcare organizations believe the Affordable Care Act has increased the risks to patient data because of inadequate security. Areas of risk cited include insecure exchanges between healthcare providers and government, insecure database, and insecure websites for patient registration.
"There was a rush to get things done to meet the deadlines. A lot of energy and resources were spent on just making sure the exchanges operated. Unfortunately, not enough effort has been spent to make sure they were secure.” - Rick Kam, ID Experts
In a recent survey we conducted, we found that 61% of hospital and health systems have at least 50% of their employees using mobile devices for work, with numbers projected to increase. Similarly, Ponemon’s study showed that 88% of healthcare organizations permit employees and staff to use their own devices to connect to company networks or systems.
63% of healthcare organizations do not have a formal BYOD policy in place. With the ongoing digitization of health information and the increased used of mobile devices in healthcare, including BYOD devices, it’s more important than ever that healthcare organizations get a handle on data and endpoint security.
The changes to US healthcare legislation are opening up new possibilities for patient care, but they are also opening up risks to patient data. To find out more about how to improve the data and endpoint security in your healthcare organization, visit our healthcare solution page.