CEO of Protenus, leveraging AI to reduce risk and improve patient trust for healthcare systems across North America.
Over the past year, healthcare organizations have navigated Covid-19 and everything it entails — patient surges, workforce burnout, inventory shortages, vaccine distribution and so on — with arguably fewer resources than they had before the pandemic. The crisis prompted a slew of clinicians to leave healthcare altogether, and despite federal aid in various forms, health systems are reeling from revenue losses incurred by elective procedure cancellations and pandemic-related expenses.
These strains on healthcare resources have inevitably led organizations to make tough sacrifices. As Covid-19 caused total upheaval, important policies and procedures went by the wayside because hospitals had too much other critical work to do.
"For most of the year, healthcare was focused on trying to enable remote work while managing the front-line logistics of a global pandemic," Imperva Research Labs senior vice president, fellow and report author Terry Ray wrote on the company's website. "Thus, less time was spent on threat research, incident response and incident analysis."
The choice to funnel limited clinical and financial resources into battling Covid-19 is understandable and necessary. However, it also means that business priorities further from direct patient care, such as regulatory compliance, are neglected. Noncompliance resulting from the absence of proper data monitoring can cost health systems millions of dollars in fines and penalties — not to mention reputational damage, which already-struggling organizations simply cannot afford.
More Risk, Less Regulation
At this stage in the pandemic, as devoting resources to Covid-19 vaccine scheduling and distribution limits the resources that can be allotted to compliance upkeep, the risks that compliance teams must manage and prevent from turning into astronomically expensive incidents are skyrocketing.
As of March 2021, the U.S. was averaging 2 million Covid-19 vaccine doses administered per day, up from 1.3 million doses daily in February. These tens of millions of people coming through hospital doors represent an influx of patient data being stored in electronic healthcare records. Including everything from birth dates, family history, billing information and Social Security numbers, this valuable data can be easily misused, and organizations have an ethical and legal obligation to protect it.
While healthcare organizations' strained resources leave compliance teams with fewer tools to do an increasingly difficult and critically important job, regulators have relaxed rules in an effort to temporarily alleviate the burden. For example, retroactive to December 11, 2020, the Office for Civil Rights (OCR) lifted penalties for potential HIPAA violations "related to the good faith use of online or web-based scheduling applications to create patients' Covid-19 vaccine appointments," Health IT Security reported.
Essentially, organizations won't be penalized for noncompliance with HIPAA as a result of using potentially less secure apps and methods for vaccine scheduling given the overwhelming public demand for doses. However, the relaxed penalties came with a caveat — the OCR stressed that organizations should still take all necessary safeguards to protect patient health information.
After all, risks are on the rise. In the first three days of 2021 alone, as the vaccine rollout entered its fourth week, healthcare saw a 43% spike in data leakage, which included unauthorized transmission from within an organization to an external recipient or system, according to the Imperva report. Considering the budget, staffing and clinical constraints occupying organizations' time, there is likely much more data leakage that hasn't even been detected yet.
All Eyes On Covid-19 Vaccines
As Covid-19 vaccine distribution claims healthcare's attention, organizations are flooded with requests for data on vaccinations. For a slew of purposes, this kind of information is highly sought-after by the public and the media as well as by government entities across the country and around the world. While facing this immense pressure to disclose Covid-19 vaccine data of great public interest, hospitals and health systems have the difficult task of ensuring that any release of information is done in compliance with patient privacy laws.
Compounding compliance risks is the fact that public interest and record snooping go hand in hand. One example of this is when the New York Post noted in September 2020 that "multiple employees at the hospital where George Floyd was pronounced dead inappropriately accessed his medical records."
The Covid-19 vaccine has dominated headlines around the world. As demand outpaces supply, questions surrounding the vaccine's rollout — and who can get the vaccine — are abundant. This intense, widespread public interest can create the potential for snooping by any remotely curious healthcare worker who forgets or otherwise flouts HIPAA rules.
The decision made by some front-line healthcare workers to not receive the vaccine as well as interest regarding Covid-19 diagnoses among loved ones could provide even more potential incentives for snooping. In light of these temptations, healthcare organizations must take action to prevent improper EMR access by equipping compliance teams with artificial intelligence-powered technology capable of protecting vast amounts of data from rising threats...
Continuing reading the full article here
This post is related to:Opioid Stewardship & Drug Diversion Prevention