The Deloitte Center for Health Solutions has published a report, "Privacy and Security in Health Care: A Fresh Look." The report identifies the risks associated with privacy and security breaches in health care. It offers preparedness guidance for health plans, life science organizations, health information technology solutions providers, and federal and state health agencies, to help minimize potential privacy and security threats as health reform drives increased exchange of online health information.
The Deloitte report identifies some of the reasons why preparedness for privacy and security risk is inadequate at some health care organizations, including lack of internal resources (human resources and capital); lack of internal control over patient information; lack of upper management support; outdated policies and procedures or non-adherence to existing ones; and inadequate personnel training.
Privacy and security regulations have historically focused on internal security processes, but culpability has now been expanded to downstream entities. As health care delivery transitions to performance-based compensation, increased transparency, and increased use of EHRs and personal health records, new privacy and security rules, regulations, laws and standards will be added in each sector. To address the challenge of protecting against potential privacy and security breaches in the new era of health reform, Deloitte's report outlines a basic approach for health care industry stakeholders to assess their current preparedness across three key areas:
* Risk Management - Help identify and assess data security risks to develop appropriate security controls to mitigate or avoid risk. …