Kroll Fraud Solutions Blog – A Dialogue on Data Security

This month, Connecticut Attorney General Richard Blumenthal announced that his office reached a settlement with health insurance company Health Net over their breach of sensitive patient data. The agreement resolves allegations that Health Net violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as state privacy protections. The Health Net breach dates back to May 2009, when the company lost a disk drive with PII and PHI for some 2 million patients. The company took more than what Blumenthal considered a reasonable amount of time to report the missing disk and notify affected individuals. Blumenthal alleged that the company delayed and otherwise failed to properly inform the state governing authorities.

In the late 1960’s, Dr. Lawrence L. Weed developed the Problem Oriented Medical Record (POMR).  His vision was to have electronic medical records with standardized progress charts for all patients.

Fast forward 30 years, and you would be hard pressed to find a medical group or health care system that used Electronic Health Records (EHRs) to exchange patient data with one another. Most medical records were still in the form of physical documents, stored in a file folder and shared between a few key members in the medical facility.

In June, the Office of the National Coordinator for Health Information Technology (ONC) issued its final rule to establish a temporary certification program for Electronic Health Record (EHR) Technology. This marks an important step towards allowing healthcare facilities to meet and achieve meaningful use, a requirement to qualify for incentive payments under Medicare and Medicaid. Yet, even with this new development, lingering security questions still plague the process, making the transition to an interoperable EHR system seem even further away and harder to achieve.