Welcome to the Nexus of Ethics, Psychology, Morality, Philosophy and Health Care

Welcome to the nexus of ethics, psychology, morality, technology, health care, and philosophy

Saturday, December 17, 2011

Breach concerns rise for health care firms

By Judy Greenwald
Business Insurance
Originally published on November 27, 2011

Hospitals increasingly need a new kind of specialist on call: data security experts.

Health care institutions are particularly vulnerable to data breaches because of factors that include stringent federal and state regulations, widespread dissemination of patient data and a growing black market for patient medical information.
At CNA Financial Corp., for instance, health care represents about 25% of the data breach insurance business written but 60% of all claims, said Mark Silvestri, Quincy, Mass.-based vp of product development and director of CNA's NetProtect.
There are steps health care firms can take to minimize breach risks (see related story on best practices).
Despite the data security challenges they face, health care institutions generally perform well, experts say.
“By and large, I think they do a good job, some better than others,” said Nicholas Economidis, an underwriter of professional liability and specialty lines at Beazley Group P.L.C. in Philadelphia. However, information that “exists in multiple forms throughout an organization,” as it does in health care institutions, is a “very difficult exposure to control,” he said.
The dispersal of that data is an issue as well. While banks tend to keep information internally, health care data is handled by many more organizations, said Tom Srail, Cleveland-based senior vp with Willis North America Inc. “The nature of the health care business requires the sharing of that same information,” he said (see related story on third-party providers).
Patrick Moylan, New York-based senior associate with Dubraski & Associates Insurance Services L.L.C., said health care institutions are increasing their Internet activity with partners that include physicians, health plans and pharmacies.
Having “more people in the line of that chain that have the potential to handle sensitive data simply increases the risk that data will be accessed by accident, or by a third party,” with the potential that it could be used fraudulently, he said.
The sheer breadth of personal information that health care institutions hold complicates the issue.
The entire story is here.