Pharmacy Times

Patient Privacy At Stake in Health IT Boom


Advocates of technology-enabled, participatory medicine talk about the potential of “data liberation”—a phrase that describes the strategic sharing of data contained in electronic health records—to help patients, providers, and payers make more informed health care decisions. Supporters say unleashing actionable health information can improve quality of care and lower costs.

But as more pharmacies, hospitals, and insurers join the movement, a new survey finds most heath organizations aren’t prepared to deal with breaches of patient privacy that are a side effect of less restricted data. In September 2011, PricewaterhouseCoopers (PwC) interviewed 600 executives from US hospitals and physician organizations, health insurers, and pharmaceutical and life sciences companies and found that:

• 74% plan to expand their use of health data, but less than half have addressed related privacy and security issues.

• 55% have not addressed privacy and security issues related to the use of mobile devices, and less than 25% have addressed privacy implications of social media.

• Only 37% conduct privacy training that incorporates the appropriate use of social media and mobile devices.

• Over the past 2 years, 40% reported an incident of an internal party improperly using protected health information.

PwC’s analysts say health organizations’ efforts to protect patient privacy have not kept pace with rapid advances in technology and consumer behavior, such as the broader use of social networks and smartphones. “Health organizations need to update practices and adopt a more integrated approach to ensure that patient information doesn’t fall into the wrong hands,” they wrote.

In addition to defining policies for mobile devices, electronic health records, and social media, they called on health organizations to create a “culture of confidentiality.” According to the report, most data breaches are caused by internal parties mishandling patient records, not malicious hackers or opportunists seeking to benefit from protected health information.

To keep patients’ trust and protect their brand’s reputation, companies need to adopt “an integrated approach that combines privacy, security, and compliance within a culture where all employees see themselves as champions of confidentiality and where privacy is part of the patient experience,” said Peter Harries, head of health information and security at PwC.

To download a full copy of the report, visit http://phrmcyt.ms/slw9Mu.