2014 ISECON Proceedings - Abstract Presentation

Massive Digitization of Patient Records Brews Electronic Cankerworms in Healthcare Provision

Ewuuk Lomo-David
North Carolina A&T State University

Track: IS Integration with other disciplines. The legal requirement Health Insurance Portability and Accountability Act (HIPAA) enacted in August 1996 mandates the protection of “individually identifiable health information held by covered entities.” (US Department of Health and Human Services, 2014). Covered entities are of three categories: 1) health care providers e.g. doctor’s offices, 2. health plan e.g. health insurance companies, and 3) health care clearinghouses e.g. “entities that process nonstandard health information they receive from another entity into a standard electronic format.” The primary purpose of HIPAA is to provide the legal support against unscrupulous health information handling entities that may take individual health data for granted. To help HIPAA relate directly to the vulnerability inherent in electronic transmission of health information because of data breaches, the Health Information Technology for Economic and Clinical Health Act (HITECH Act) (13402(e)(4)) was enacted on February 17, 2009. This strengthened HIPAA and mandated that covered health care entities must report breaches of unsecured protected health information affecting 500 or more individuals to the Secretary of the Department of Health and Human Services (HHS) who, in turn, must publicize them its website. Introduction: The incessant incident of data breaches that plaque corporate America is almost weekly episodes of some strange nightmare. A recent information breach that caught widespread attention is the one that affected 40 million customers’ credit cards in the second largest retail organization in US – Target Corporation (Alexander & Bjorhus, 2013). That incident eventually led to the resignation of the CEO of Target, Mr. Stanhafel (Malcom, 2014). In October 2013, Adobe Systems was hacked, leading to the compromise of more than 2.9 million records of Adobe users (Kocscieniewski, 2013). In the same year, the University of Maryland information breach affected more than 300,000 stakeholders on February 24, 2013 (Svitek & Anderson, 2014). The revelation that the data compromise dates back to 1998 shocked the university population. In the health care industry, information breaches are more widespread than one would think. In 2010, vital health information of 6,800 patients of New York Presbyterian Hospital and Columbia University were inadvertently left unprotected online (Friedman, 2014). HHS fined the two institutions $4.8 million. The current (Health and Human Services Department , 2009) prediction is that the health care industry will produce an alarming number of consumer data breaches in 2014, (Carr, 2014), as reported on data provided from (Experian, 2013). The primary reason, I deduce, for this dire prediction is that health care is a colossal industry and vulnerable because of massive digitization of health information and the complacency of employees. The purpose of this paper is to compare data breaches between health care providers and health plan organizations. Result from this study seem to indicate that massive amounts of fines from the Office for Civil Rights and massive law suits have arisen because of the exposure of patients' information and the opportunity created by ease of access. Bibliography Alexander, S., & Bjorhus, J. (2013, December 20). Target says breach may affect 40 million credit, debit cards. Minneapolis StartTribune. Retrieved February 27, 2014, from Star Tribune: www.startribune.com Carr, D. F. (2014, May 16). Health Data Breaches to Surge in 2014. Information Week. Retrieved May 27, 2014 Experian. (2013). Is Your Company Ready for Big Data Breach. Experian Data Breach Resolution. Retrieved May 27, 2014, from http://www.experian.com/assets/data-breach/brochures/databreach-preparedness-study-v3.pdf Friedman, L. (2014, May 9). Hospital to Pay Millions After Embarrassing Data Breach Put Patient Info on Google. Retrieved May 27, 2014, from http://www.businessinsider.com/new-york-presbyterian-columbia-hipaa-settlement-2014-5 Health and Human Services Department . (2009). Health Information Technology for Economic and Clinical Health Act. Washington DC: U.S. Department of Health and Human Services. Retrieved May 24, 2014, from http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html Kocscieniewski, D. (2013, March 3). New York Times. Adobe Systems Security Breach. New York. Retrieved May 13, 2014, from http://www.nytimes.com/2003/10/04/technology/adobe-announces-security.breaches.html?_r=0 Malcom, H. (2014, May 5). Target CEO Out as Data Breach Fallout goes on. USA Today. Retrieved from http://www.usatoday.com/story/money/business/2014/05/05/target-ceo-steps-down/8713847/ Svitek, P., & Anderson, N. (2014, Februaty 25). U-Md Computer Security Breach Exposes 300,000 Records. Washington, Washington D.C., USA: Washington Post. Retrieved May 13, 2014, from http://www.washingtonpost.com/local/college-park-shady-grove-campuses-affected-by-university-of-maryland-security-breach/2014/02/19/ed438108-99bd-11e3-80ac-63a8ba7f7942_story.html US Department of Health and Human Services. (2014, May 27). U.S. Department of Health can Human Services. Retrieved from U.S. Department of Health can Human Services: www.hhs.gov

Recommended Citation: Lomo-David, E., (2014). Massive Digitization of Patient Records Brews Electronic Cankerworms in Healthcare Provision . The Proceedings of the Information Systems Education Conference, v.31 n.3193, Baltimore, Maryland