Slow Hospital Compliance with New Regulations Causing Increased Data Breaches & Medical Identity Theft
The Feds fiddle while the patients get burned. Let me give you the facts as reported by Identity Force in the Spring 2010 HITECH Act Hospital Compliance Report
PROBLEMS ARE WORSENING DESPITE MAJOR REGULATORY EFFORTS: 41.5% of hospitals have TEN OR MORE Data breaches each year – a 120.7% increase over last year’s survey. Currently, over 20% percent of hospitals have TWENTY OR MORE breaches annually.
EVEN NATIONAL HEALTHCARE REFORM NOT EXPECTED TO HELP: 56.3% of hospital compliance officers believe that the new health care reform law will either have no change or will increase medical identity theft at their institutions.
INVESTIGATION OF FRAUD IS SURPRISINGLY LOW: Despite the fact that medical identity theft is the fastest growing form of identity fraud, 71.4% of hospitals on average investigate fewer than 50 cases of possible misuse of identity annually, and over 34% still do not keep good patient ID records.
TIMELINESS OF COMPLIANCE IS POOR: To date, only 15.7% of hospitals feel they are in compliance with the HITECH Act, which went into effect in February 2010. This lack of compliance mirrors last year’s slow compliance efforts regarding the FTC’s Red Flags Rule.
SECURITY OF 3RD PARTIES IS AN UNKNOWN: 48.3% of hospitals do not know if their vendors and business associates are in compliance with the HITECH Act.
Meanwhile, OCR is fiddling with the interpretations of HITECH and telling everyone that enforcement will be delayed while they are working on their interpretations. Until they give a strong signal to the markeplace that they are serious about enforcement we can expect things to continue to worsen.
Somebody needs to stand up for the patients and tell the industry to get to work on compliance.