Monthly Archives: August 2014

The Top 5 Tips for Big Data Use in Healthcare

The Top 5 Tips for Big Data Use in Healthcare

Like virtually every other industry, success in the healthcare sector these days relies primarily on becoming more data-driven. Leveraged properly, big data can help deliver better patient care while at the same time reducing the per capita cost of that care. A targeted investment in big data with regards to healthcare analytics combined with best practices in the big data space can be a recipe for analytic success. Here are a few tips that can help you get started.

freedigitalphotos.net/cooldesign

1. Set Clear Goals

The first step in a successful big data analytics project is to define your business objective. Knowing exactly what you want to accomplish with big data at your back is a must before launching into a new idea. For example, are you trying to answer specific business questions, the scope of which exceeds traditional tools? Or do you want to make future predictions that could shape the way you make business decisions next quarter? Without taking the time to set definitive goals ahead of time, you run the risk of creating a very expensive failure.

2. Take a Comprehensive Approach

It’s natural to assume that analysis only applies to previously unstructured data, but don’t forget to take into account the answers that are probably hiding in data that’s already been processed and cleansed. You also need to include data from not-so-obvious sources, like social media and web logs. Any data analysis project has to be all-inclusive in order to establish a meaningful big picture.

3. Embrace Discovery Analytics

Big data doesn’t exactly replace legacy evidence-based research, but effective analytics are essential to separate out the chaff. There’s really no difference between discovery analytics and big data analytics. Big data analytics aren’t just about reporting; they help inform diagnosis and strategy. Through the use of new algorithms and data visualization techniques, big data can speak volumes—and far more clearly.

4. Simplify

Big data doesn’t have to be overwhelming if you take a simplified approach. Choose analytics technologies that help you connect using familiar tools, and that also support short-cycle iterative analysis. This helps open the analysis field to more minds than just a handful of highly paid specialists.

5. Engage Outside Experts

Managing big data is no small task; no matter how skilled your IT staff and existing analytics team, your big data project can surely benefit from some specialized support. Working closely with an experienced vendor can shorten the learning curve tremendously when it comes to figuring out new processes for big data analytics.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Debunking the Top 3 ICD-10 Myths

Debunking the Top 3 ICD-10 Myths

Despite the “stay of execution” recently granted to healthcare organizations regarding the ICD-10 conversion deadline, there’s still a fair amount of grumbling over the fact that moving from ICD-9 to ICD-10 must take place. A lot of this anti-ICD-10 logic revolves around arguments based entirely on myths and misconceptions. Here’s a look at the top three most persistent complaints and misassumptions, with the facts behind them.

1. ICD-10 Is Too Complicated

Source: rehabsoftware.com

The immediate presumption that ICD-10 will be complex because the number of codes involved will skyrocket is understandable, but ultimately inaccurate. It’s easy to forget after so many years of using ICD-9 just how vague the current codes are; there’s no differentiation between right side and left side of the body. Nearly half of the new codes are a simple designation between left and right, and the rest will offer more clarification and specificity for insurance billing and diagnostics, not more complexity.

2. We Should Just Use SNOMED CT. Or Skip Ahead to ICD-11.

First, SNOMED CT is a clinical terminology system rather than a classification system. While invaluable when implemented in software applications and in establishing a universal system with global—not just local—implications, SNOMED CT can’t do the same things that ICD-10 will help with.

The International Classification of Diseases (in any of its versions) is a system that organizes content into a standardized system of classification. This allows for a big-picture approach toward identifying and recording worldwide health trends. While ICD-10 and SNOMED CT are complementary, they’re not interchangeable.

In addition, as far as jumping directly to ICD-11 goes, the World Health Organization (WHO) predicts that it won’t be ready until 2017. As a frame of reference, WHO endorsed ICD-10 in 1990, however it was first used by WHO members in 1994. It’s taken a decade for the United States to get on board, and we still aren’t there yet. Fast-tracking ICD-11 is unrealistic.

3. ICD-9 Is Working Just Fine

Probably the most vocal complaint leveled against ICD-10 conversion—and arguably the least accurate as well—is the “if it ain’t broke, don’t fix it” mentality that everything about ICD-9 is perfectly adequate, and upgrading to ICD-10 is unnecessary. This couldn’t be further from the truth.

ICD-9 is woefully insufficient in meeting the needs of modern healthcare. Think just for a moment about how much medicine has changed, how many new diagnoses and recognized diseases there are and the tremendous technological medical advances accomplished since ICD-9 was first adopted by the U.S. in 1979. Common sense alone should tell detractors that the old classifications just aren’t applicable anymore.

ICD-9 isn’t just an older system; it’s obsolete. No amount of arguing will change this. It’s time to accept the truth about converting to ICD-10: this is a vital step healthcare organizations must take to join the rest of the 21st century and provide the best possible care for their patients.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Patient Info + Mobile Devices and Apps = Private Healthcare Data Free-for-All

Patient Info + Mobile Devices and Apps = Private Healthcare Data Free-for-All

Think your mobile device – that indispensable part of your daily life that practically serves as a functioning part of your anatomy – is protecting your personal, financial, or location information? Guess again. Most of us know this and take the phrase “mobile device security” with a grain of salt.

What about health apps running on private consumers’ and healthcare professionals’ smartphones and tablets?

A new studyled by information technology and systems mega firm HP found that 70 percent of popular mobile devices and their requisite apps are extremely vulnerable to security breaches. All of our favorite “Internet of Things” (IoT) devices – yes, your beloved iPads, iPhones, and Android smartphones and tablets – leave your personal information ripe for the picking by hackers and nefarious ‘Net ne’er-do-wells.

Source: freedigitalphotos.net/bplanet

Among the threats pinpointed by the HP study are:

  • Insufficient authorization and weak password standards
  • Encryption (or lack thereof)
  • Overall absence of granular user access permissions
  • Software exposures
  • Denial-of-service (DOS) attacks
  • Cross-site scripting vulnerabilities

As if these devices aren’t already bona-fide ubiquitous, Gartner predicts that IoT devices will increase in number to upwards of 26 billion by the year 2020. As demand for new connected devices with seamless cloud accessibility and numerous mobile apps increases, so do security threats. And the healthcare sphere is not immune.

Inoculating Against Data Leaks

Unprotected health information stored in smartphone and tablet apps leaves private consumer data, including test results and medical histories, open to cybercriminals. As consumers continue to download mobile health apps and enter their personal details, they may be completely naïve about the expected level of security on these devices. As the HP study sums up so succinctly: “Users are one network misconfiguration away from exposing this data to the world via wireless networks.”

App developers must wake up to the real-world threats of weak security on mobile devices and up their encryption game if they want to have any legitimacy. Some applications employed by major U.S. hospitals and even recommended by some of the largest health insurance companies don’t exactly make top-of-the-line security a priority. To protect patient data and be responsible citizens of the healthcare sphere, large health organizations must be more vigilant about verifying the security of app vendors and demand strict security measures in vendor contracts.

Mike Armistead, vice president and general manager of Fortify on Demand Enterprise Security Products at HP, put it plainly in a July 29 press release announcing the results of the HP study: “While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface…With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats.”

Well said, Mr. Armistead. This challenge should also be issued to all large healthcare operations, enlisting them to exercise due diligence with outside technology vendors and demand that vital steps such as these be taken to protect consumer information in healthcare devices and apps.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

New Survey Finds Law Firms Face eDiscovery “Watershed”

New Survey Finds Law Firms Face eDiscovery “Watershed”

In the legal realm, large firms are currently facing a major “watershed” moment with reference to the way they service e-discovery tasks charged by their corporate clients. One need look no further than the imminent collapse of newspaper journalism in the face of emergent digital media to see that just like the Borg warned us: “resistance is futile.”

According to a July 2014 survey conducted by Ari Kaplan Advisors and sponsored by RVM Enterprises Inc., today’s firms are revolutionizing the way that e-discovery functions within their operations. Many firms are absorbing a greater share of the e-discovery workload and making it a more in-house function in response to rising demand for greater transparency from outside counsel coupled with a desire to control counsel costs.

Key Conclusions

Source: freedigitalphotos.net/imagerymajestic

The survey found that 100 percent of the attorneys polled, all of whom primarily function as outside e-discovery counsel for corporate legal departments, said they currently recommend both e-discovery software and vendors to their clients from the corporate world. Survey respondents agreed unanimously that they’re seeing major tidal changes in their client’s expectations with reference to practice support technology.

  • 89 percent of respondents theorized that these changing expectations reflect rising technology costs and a need to control mushrooming legal expenses.
  • Beyond technology costs, they pointed to the incessantly increasing speed of data created by the modern corporate client as wired employees generate uncontrollable volumes of potentially “e-discoverable” information.

Here’s where things get dicey: today’s legal counsel faces resistance from clients when they bill separately for e-discovery because clients think it should be included in existing operating costs. How can firms raise awareness among their clients about the often monumental task of e-discovery at the enterprise level and justify its inclusion as a separate line item on invoices?

Some firms are working to overcome this watershed moment by strengthening their billing propositions with increased clarity, upgraded technology, and greater transparency as demanded by clients. Strategies include:

  • Creating a more uniform e-discovery approach to cut down on client confusion when it comes time for billing
  • Upgrading data processing vendors and replacing them with more efficient models
  • Aligning themselves with adept third-party e-discovery partners whose expertise lends credence to hefty costs

Making the Case for E-Discovery Due Diligence

Until e-discovery becomes recognized as a bona fide operating cost, firms will have to focus on cost reductions to convince clients that they operate efficiently during the cumbersome data gathering and review phase. Kaplan says possible tactics may include “spotlighting strategies for mitigating risk in the most cost-effective manner possible.” This strategy may help corporate clients make more informed decisions, convince them of firms’ expertise and efficiency and lay out the real-world costs of forgoing certain vital steps in the e-discovery chain of action.

The Road Ahead

This watershed moment is defined by shifting responsibilities with reference to corporate e-discovery:

  • In-house legal departments are beginning to create their own e-discovery processes, defining risks and balancing the competing charges of efficiency and accuracy
  • This trend toward a more in-house approach to e-discovery requires the adoption of new technology for corporate legal departments, allowing them to manage tasks they formerly outsourced

Kaplan says the new test that emerges from the ever-changing e-discovery landscape is finding a way to segment billable work in order to “reflect a firm’s traditional counseling role and its evolving position as a service provider.” What remains to be seen is how large firms will rise to this challenge and redefine themselves as efficient, trustworthy partners whose value is unquestionable to corporations.

Written by Simeon D. Rapoport

Simeon D. Rapoport is the Vice President & General Counsel for iBridge. He’s been an attorney for more than 25 years, began his career working in the courts and private practice for more than 10 years, and has been in-house corporate counsel since 1998. Rapoport’s experience includes private practice with the large West Coast firm of Bullivant Houser and more than 10 years at Standard Insurance Company. Rapoport is a frequent author and speaker, and he enjoys being active in Bar and civic groups. His interests include family, fitness, outdoor activities, and travel.

Why Mobile Device Security Matters

Why Mobile Device Security Matters

Mobile devices such as smartphones and tablets have become 24/7 digital personal assistants that are involved in every aspect of life. From maintaining schedules and to-do lists, keeping friends and family connected and storing everything from strictly professional to deeply personal information, mobile devices are a must-have.

Yet, while undeniably convenient, having so much sensitive data stored on mobile devices can open Pandora’s box if proper attention isn’t paid to security. The risks associated with living digitally need to be more clearly understood.

Mobility Means Exposure

Source: freedigitalphotos.net/stockimages

Using devices on the go opens the door to new risks that weren’t a reality when home desktop machines and hard line Internet connections were the norm. Hackers and identity thieves take advantage of the fact that most mobile users don’t give security a second thought when putting their lives and personal information on mobile devices. This potential threat extends even to such frequently used and seemingly innocuous acts as checking account balances from a smartphone or using health tracking apps.

How Industries Are Responding

When looked at from a global perspective, the healthcare sector has been more affected by failures in data leakage monitoring compared to other industries, with a survey from eWeek reporting that 60 percent of healthcare organizations say they’ve been impacted. This is despite the sector as a whole ranking relatively high in terms of internal education compared to other industries, scoring four out of six in the primary areas of vulnerability. The financial industry, on the other hand, shows higher incidences of data breaches, although the violations with regards to monitoring are fewer.

Within the U.S., the Department of Health and Human Services has heavily promoted privacy and security awareness within the healthcare industry. Although HIPAA laws dictate how sensitive data is to be used, stored and transferred, a new degree of diligence is required as the industry migrates from paper charts and files to tablets, laptops, and cell phones as a way of doing business and storing patient information. The new and unique risks that accompany data mobility in healthcare include but aren’t limited to:

  • Possibility of devices being lost or stolen
  • Potential for accidentally downloading viruses or malware
  • Transferring or receiving data on unsecured WiFi

Managing the Problem

The United States, United Kingdom and the German-speaking countries in Europe all report feeling optimistic overall with regards to how much control industries currently have (or how much effort they’re making toward) network and endpoint security. However, one area that could still use some shoring up lies in knowing which devices can or should be granted network access, and how to handle remote devices that don’t conform to existing security policies.

There are two primary concerns that transcend language or country border when it comes to mobile data security:

  • The prevention of data theft is viewed as far more challenging than it was even as recently as two years ago.
  • Diagnosing the problem is also viewed as more difficult than previously, as is the remediation of any resulting breach.

Regardless of industry or location, IT departments around the world are still trying to figure out how to best apply security measures when it comes to mobile device security. As eWeek’s survey concludes, “IT professionals are still discerning where to apply tool and control integration capabilities. Interoperability can better advance prevention, diagnosis and remediation capabilities, areas with greater perceived security management challenges, and overall can provide an opportunity for policy-based automation – all of which could free up staff time and resources for other tasks within the business.”

Written by Simeon D. Rapoport

Simeon D. Rapoport is the Vice President & General Counsel for iBridge. He’s been an attorney for more than 25 years, began his career working in the courts and private practice for more than 10 years, and has been in-house corporate counsel since 1998. Rapoport’s experience includes private practice with the large West Coast firm of Bullivant Houser and more than 10 years at Standard Insurance Company. Rapoport is a frequent author and speaker, and he enjoys being active in Bar and civic groups. His interests include family, fitness, outdoor activities, and travel.

iBridge & the 37th Annual International Legal Technology Association Educational Conference

iBridge & the 37th Annual International Legal Technology Association Educational Conference

Leading West Coast information management and data services firm iBridge will attend and exhibit at the 37th Annual International Legal Technology Association (ILTA) Educational Conference.

iBridge offerings include a full spectrum of eDiscovery and other legal support services. The conference takes place at the Gaylord Opryland in Nashville, Tenn. iBridge will be partnering with Lucid IQ, an ILTA Conference Gold Sponsor, and Sim Rapoport, Vice President & General Counsel for iBridge, will be attending the event. iBridge will be located at Booth No. 200 with Lucid IQ.

“Because this is a cutting edge program on legal technology issues, we’re looking forward to hearing from all the great speakers in addition to learning more about these technology issues,” said Rapoport.

The conference will have over 200 peer-developed educational sessions, ample networking opportunities, more than 200 exhibiting vendors and much more. It will cover topics such as information management, organization management, desktop applications, technology operations, and the future of ILTA initiatives.

About ILTA

“For more than three decades, the International Legal Technology Association has led the way in sharing knowledge and experience for those faced with challenges in their firms and legal departments. Through delivery of educational content and peer-networking opportunities, ILTA provides members information resources in order to make technology work for the legal profession.”

The conference will include hands-on, interactive audience participation, case studies, advanced curriculum, roundtables, lecture presentations and panel discussions. Conference participants will have the opportunity to discuss best practices in an environment of open collaboration, the convenience of exploring myriad technology and process solutions under one roof, and the potential to deliver great value to their firm or law department.

About iBridge

iBridge is a team of trusted, responsive information experts who capture, normalize, mine and report data to help organizations make smarter business decisions. By cutting through the data noise, iBridge provides critical information to its customers, allowing them to better understand their opportunities. iBridge’s value is in its ability to solve business problems in collaboration with its customers; to rapidly scale up or down; and to integrate its teams with client organizations. In addition to its information management services, iBridge offers eDiscovery and legal support. The company has offices in Oregon, Washington and India.

To learn more about iBridge and its services, call 888.490.3282. You can also visit ibridgellc.com or connect with it via Facebook, Twitter, LinkedIn, or Google Plus.

Reconciling the Risks of eDiscovery with the Convenience of BYOD

Reconciling the Risks of eDiscovery with the Convenience of BYOD

Just about everyone has a smartphone these days, and that’s in addition to the tablet, laptop and possibly desktop computer they likely own as well. Yet, while all of these gadgets are primarily used away from the office, personal mobile devices are frequently used for work-related tasks just the same. This opens up a lot of questions about the intersection of eDiscovery and BYOD. Is there a line that needs to be drawn?

Why Worry about eDiscovery?

Source: Freedigitalphotos.net/Stockimages

Electronic discovery is one of those things that the majority of companies (and their employees) don’t think much about until it happens to them. Yet, waiting until eDiscovery is knocking at the door to address the question of BYOD is much too late.

The scope of eDiscovery is often laid out ahead of time, and typically includes devices or files that are company property. These guidelines don’t include employees’ personal property or any cloud-based storage systems they may be using to access work tasks from home or while on the go, but with most employees answering quick emails while sitting at a restaurant or downloading work files outside of the office these days, it’s clear that parent companies need a more controllable answer.

Company-Issued vs. BYOD

The sticky question of work vs. personal mobile devices and whether work data should be accessed remotely has led many companies to implement company-issued cell phones, tablets or laptops. This solution allows employees the invaluable flexibility of BYOD while still allowing management some level of control over how the devices are being used—and keeping them well within the scope of eDiscovery efforts.

Company-issued devices also ensure that specific security protocols are being followed according to internal employment policies. While many employees agree to such rules as a condition of accessing work data off-site, actually following those rules doesn’t often occur in real life—and doing so really isn’t enforceable. The bottom line here is the same as it has always been: the human instinct is to get the job done in the fastest, most efficient way possible. The question of whether that’s through a personal device or one that’s been issued by the company is secondary at best.

The Future of BYOD

Beyond security concerns, there’s a financial element in thinking about BYOD. Personal devices are purchased by the employee directly, while company-issued devices are purchased by the employer. Yet, when the employee is using an employer-provided iPhone already and then using his or her paycheck (also technically provided by the employer) to buy an iPhone for personal use, the employer is indirectly paying for that equipment… essentially, buying their employees’ phones twice.

As a result, more organizations are requiring employees to use their personal electronics for company purposes. The argument is that smartphones, tablets and such are rapidly becoming essential tools that workers need in order to fulfill their daily tasks—therefore, requiring employees to purchase those tools just makes sense.

Is mandatory BYOD the wave of the future? It’s quite likely, especially when this type of arrangement would allow companies the necessary leeway they need to protect their legal interests, if needed. While company-issued devices used to seem like the ideal answer to the eDiscovery question, mandatory BYOD may offer the best of both worlds: mitigating the risks associated with pursuing eDiscovery efforts relative to personal property, and at the same saving on the high overhead of purchasing new gadgetry for each employee.

Written by Simeon D. Rapoport

Simeon D. Rapoport is the Vice President & General Counsel for iBridge. He’s been an attorney for more than 25 years, began his career working in the courts and private practice for more than 10 years, and has been in-house corporate counsel since 1998. Rapoport’s experience includes private practice with the large West Coast firm of Bullivant Houser and more than 10 years at Standard Insurance Company. Rapoport is a frequent author and speaker, and he enjoys being active in Bar and civic groups. His interests include family, fitness, outdoor activities, and travel.

4 Ways Fitbit and Facebook Can Compromise Your Medical Privacy

4 Ways Fitbit and Facebook Can Compromise Your Medical Privacy

There’s a surge in the use of social networking and fitness-tracking devices like Fitbit to monitor and improve health and wellness, but some of these same advancements in health and fitness technology are raising alarming privacy issues. Here are four ways your efforts to share your fitness journey with the latest and greatest technology could have unintended consequences and compromise your privacy.

1. HIPAA Has Its Limits

The Health Insurance Portability and Accountability Act (affectionately known as HIPAA) effectively governs the privacy and security of health-related data collected by hospitals, healthcare providers and insurance companies. However, HIPAA’s policies and regulations for data security don’t apply to your private information when you choose to place it on other outlets.

When you fill out questionnaires or surveys at a gym, massage therapist’s office or health food store, you should understand that the data isn’t regulated the same way it is when it’s shared with your doctor or insurer.

2. You May Inadvertently Over-Share

Source: Photopin

For most people, accountability is a wonderful tool to use when working towards fitness goals. Through apps and social media, we can share our successes (such as a new record for a mile run) and find support in our downfalls (like the empty Ben & Jerry’s container in today’s trash). Fitbit offers its users a leaderboard that refreshes all day to show who’s burning the most calories, making the best food choices and getting the most sleep.

Making your triumphs and failures public may seem like a great way to stay motivated and meet your goals, but, as some Fitbit users learned in 2011, you may accidentally give TMI. Just as Fitbit shared the number of calories worked off on the treadmill or how many flights of stairs were scaled, the popular fitness device also recorded and published late-night physical activity statistics including duration and calories burned.

3. “Checking In” Allows Others to Check-Up on You

Checking in via Facebook or FourSquare is a popular tool on social networking that allows users to publicize where they’re eating lunch or what landmark they’re visiting. Believe it or not, broadcasting your every move and activity could affect your health insurance rates. Insurance companies are in the business of minimizing risk and turning a profit, so constantly checking in at bars or cigar shops could lead to a hike in your premiums if your insurer decided to check out your check-ins.

4. Facebook Is the New Insurance Company Questionnaire

When applying for new health insurance, you’ll likely be asked to fill out a detailed questionnaire regarding your general health, preexisting conditions and medical history. However, insurers are jumping on the social media bandwagon and doing their own research to determine the riskiness of would-be policy holders. The amount of private and personal information people willingly share on their social networking profiles is astounding. These profiles have become a valuable and insightful resource for insurance companies hoping to determine the actual lifestyle of an individual, which may vary from how one represents themselves on a health questionnaire.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Why Electronic Health Records Face Significant Security Risks

Why Electronic Health Records Face Significant Security Risks

The days of massive file stacks full of carefully coded health records are all but over. Today’s healthcare system is undergoing a somewhat rocky transition to more easily accessible electronic health records (EHRs) that put a wealth of patient healthcare history at physicians’ fingertips. There are so many positives to the digitalization of health records that it’s easy to get swept up in the fervor.

Beyond the significant financial investments required of individual practitioners and major healthcare systems alike, upgrading to EHRs may pose significant risks to the privacy and security of patients’ private health information. What can be done to stop the data leaks and breaches that tarnish the reputation of electronic health records?

Source: FreeDigitalPhotos.net/Stuart Miles

Counting the Costs

A recent report from POLITICO found a full identify profile of a single patient could fetch up to $500 on the black market. With medical data at a premium, individual patients face a significant risk each time practitioners enter private data into an online database. The cost for consumers goes beyond financial disaster:

  • Unlike credit card fraud or banking breaches, there’s no one-stop-shop where affected individuals can report medical identity theft.
  • What happens if your record contains falsified information about previous treatments or even a fictitious diagnosis? Just thinking about the possible real-world repercussions of such breaches is enough to raise your blood pressure.

If you think healthcare identity theft isn’t a significant issue, consider this statistic from the Identity Theft Resource Center: in 2013, the healthcare sector racked up 43.8 percent of total security breaches, outpacing the business sector by nearly 10 percent. It turns out the reason for growth in healthcare breaches is likely economic; these days even a stolen Social Security number garners only about a buck on the black market, while a full medical record fetches hundreds of times that amount.

How Is Healthcare Security Performing?

In the wake of recent data breaches at Target, Neiman Marcus and other retailers, many large companies are beefing up their data security in efforts to escape the wrath of angry consumers tipped off largely by renegade data security blogger Brian Krebs. While that’s a positive development, the same encouraging changes don’t seem to be catching traction in the healthcare industry, where profits should ideally take a backseat to patient care… and that should include care of private healthcare information security, too.

Misplaced Priorities

Perhaps it all comes down to a few misplaced priorities:

  • Healthcare providers must ramp up their privacy standards, requiring significantly increased spending on security measures.
  • Leaving EHRs vulnerable to data beaches comes at a great cost to patients, many of whom are already dealing with stressful situations such as chronic diseases like cancer.
  • The Healthcare Information and Management Systems Society (HIMSS) reports that half of survey respondents in a recent security study spent less than three percent of their overall IT budgets on healthcare information security.

This statistic points to a serious spending shortfall, leaving patient health information vulnerable to security breaches that come at great personal and security costs. In order to safely modernize U.S. healthcare, providers will need to refocus and redouble their efforts at securing patient information to keep Americans both healthy and safe from identity breaches.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

iBridge LLC & the 38th Annual NIRMA Information Management Conference

iBridge LLC & the 38th Annual NIRMA Information Management Conference

Leading West Coast information management and data services firm iBridge LLC will exhibit and present at the 38th Annual Nuclear Information and Records Management Association (NIRMA) Conference.
 
The conference takes place at the J.W. Marriott Resort and Spa in Summerlin, Nevada. iBridge will highlight it’s expertise in the data encryption and data security, educating conference participants on the ease of implementing security solutions for data in transmission and at rest.
 
iBridge and its partner, Protected Trust, will present and showcase products and services leveraging cloud computing, while adhering to strict data security, privacy, and compliance requirements Topics will include secure messaging and secure content delivery for nuclear information and records management. The iBridge team has over 25 years of experience in information technology security helping government agencies and companies in healthcare, legal, and financial services.
 
The conference will cover topics such as cyber security, safeguarding, eDiscovery, SharePoint, and long-term data preservation. There will be 30 sessions, networking events, exhibits, and CRM and AIIM training.

About NIRMA

“NIRMA is a not for profit, professional association, that exists to benefit highly regulated industries. With roots in nuclear energy, its goal is to assist individuals and their companies in developing and maintaining the technical foundation required to implementing a rigorous program for managing information.”
 
Since 1976, NIRMA has been uniquely qualified to provide guidance to commercial and Department of Energy facilities. NIRMA’s role in the industry is to support regulated nuclear and energy-related industries, agencies, and their regulators in the development, implementation and administration of documents, records, and information management processes to facilitate cost-effective operations and regulatory compliance.
 
At the 2013 NIRMA conference, iBridge founder and CEO, Desh Urs presented – Disaster Recovery, post Fukushima. The topic addressed how the nuclear industry can and should plan for rapid recovery and not just plan to contain a disaster.

About iBridge

iBridge is a team of trusted, responsive information experts who capture, normalize, mine and report data to help organizations make smarter business decisions. By cutting through the data noise, iBridge provides critical information to its customers, allowing them to better understand their opportunities. iBridge’s value is in it’s ability to solve business problems in collaboration with it’s customers; to rapidly scale up or down; and to integrate it’s teams with client organizations. The company has offices in Oregon, Washington and India.