The American National Standards Institute has released a report emphasizing the business incentives for healthcare providers to improve their IT security, and the potential costs of failures to increase security protocols.
The report notes that the healthcare industry’s move toward fully adopting electronic health records increases the opportunities for protected health information (PHI) to be lost, stolen or inadvertently leaked. These breaches can be costly for the organizations responsible for safekeeping that data, and can also erode patient confidence in their healthcare providers.
Despite these breaches causing widely recognized damage, the report indicates that many feel that their organizations are not taking sufficient steps to improve document security. Of nearly 1,000 surveyed professionals, less than 30 percent believed that they had sufficient resources to maintain industry-standard compliance programs.
Speaking to InformationWeek, Rick Kam, president and co-founder of ID Experts, said that in order to convince their organizations to invest in IT security, IT professionals should use “investment language.” By doing so, they can show CEOs and CFOs the “business cases for things that would enhance privacy and security of protected health information.”