Today, ninety-nine percent of hospitals across the country now use electronic health records (EHRs), compared to thirty-one percent in the year 2002 (Landi, 2012). “An electronic health record is an electronic version of a patient’s medical history, that is maintained by the provider over time, and may include all of the key administrative clinical data relevant to that person’s care under a particular provider, including demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports (Centers for Medicare and Medicaid, 2012).” EHRs provide the ability to quickly transfer patient data from one department to another. They provide the ability to ultimately increase the number of patients seen in a day by enhancing patient workflow and increasing productivity. EHRs also improve management and patient care with a reduction in errors. While it is evident that electronic health records have evolved healthcare, due to the sensitive nature of the information stored within EHRs, it is critical that safeguards are implemented to ensure the privacy and security of patients.
In the year 2017, there were 477 healthcare breaches reported to the U.S. Department of Health and Human Services or the media, which affected a total of 5.579 million patient records (Landi, 2018). While 2017 had fewer massive health data breaches compared to the previous year, there was still an average of at least one health data breach per day throughout the entire year. It was also found that nearly 37 percent of all breaches in 2017 were the result of hacking incidents that included ransomware/malware. Once a medical organization’s system has been compromised, often because an employee has clicked a link in a sketchy email, all patient files are held hostage until a ransom is paid. Computer viruses can arrive in many different ways, via emails, text messages, and websites that are set up specifically for the purpose of attacking naive and unsophisticated users.
Small health-care facilities like doctors’ offices are uniquely vulnerable to cyber-attacks, and often lack the resources to defend themselves and simply cannot afford to retain in-house cybersecurity expertise. Congress could help with this issue by adjusting two existing laws that were designed to prevent improper business arrangements between doctors and hospitals. A report by the Healthcare Industry Cybersecurity Task Force recommended changes to the Physician Referral Law (Stark Law) and the Anti-Kickback statute, which prevents doctors from receiving any kind of payment from a hospital or clinic in exchange for patient referrals or other business, such as lab work, that is reimbursed by federal healthcare programs including Medicare and Medicaid (Orcutt, 2017). According to the report, many hospitals would like to assist smaller business partners choose cyber security tools so that they do not become a liability, but are afraid that they would violate these laws.
127 our experts are availableright now
These regulations were enacted prior to the development of information technologies and the healthcare system has since evolved into a network that is heavily dependent upon data being stored and moved electronically. While most generally agree that these law need to be updated, there is disagreement on how much reform needs to occur. “The Stark law is an important tool, which for many years has protected beneficiaries from inappropriate referrals and overutilization of care. Evidence continues to documents that these self-referrals have a detrimental impact on care. (Levin, 2018).” While it is evident that the Physician Referral Law (Stark Law) and the Anti-Kickback made sense as a way to protect the public and the Medicare program from abuse at the time it was enacted, what made sense for the healthcare system of the 1980s does not necessarily translate to the modern healthcare system.
Amending these laws could clear the way for hospitals to assist smaller doctors’ offices without the threat of legal trouble which would reduce the overall risk, but it is only a small piece of a complicated puzzle that policymakers must solve in order to truly fix health care’s cybersecurity issues. Improving patient care is a central goal, as the healthcare system is an interconnected and interdependent network, cyber threats are a shared challenge, shared responsibility and will require a shared effort.
