Healthcare data and the burgeoning health sector are increasingly under attack by cyber security criminals. Healthcare data is sensitive and confidential -- it includes HIPAA Security Rule protections governing electronic individually identifiable health information and, in Massachusetts, personally identifiable information regarding residents of the Commonwealth. Data that could be exposed in a cyber security theft (or loss) includes name, postal and email addresses, land lines and cell phone numbers, social security numbers, medical record numbers, public, private and self-funded health plan data, financial data, and more. Particularly sensitive information in the health context necessarily includes a patient’s detailed medical conditions – medical/surgical and behavioral health, dates of service, treatments, and prescription medications.
Patients are rightfully aggrieved when data breaches occur. Whether or not hackers are brought to justice does not diminish the ‘breach’ of trust that the public experiences in regard to the healthcare industry, nor does it replace patient transitions to new providers after a breach occurs. Providers are vulnerable to data breaches, but the actual 'breach’ occurs when sensitive healthcare data, unlike financial or educational data, exposes patients' health status, medical conditions, and insurance information, or, prevents a patient from accessing health care.
Electronic health records (EHRs) impose significant considerations on providers as they transition to or maintain EHRs while protecting patient data with the utmost security, confidentiality, and integrity. Our industry’s increased reliance on EHRs presents new challenges in a sector already subject to significant regulation and confidentiality | privacy concerns. EHRs raise new questions and concerns regarding providers' quality of care to patients.
If you find this topic interesting, you'll value ‘Health in the Digital World,’ which is one of the three tracks scheduled for the MBA’s Annual Health Law Symposium on Friday, May 20th. http://www.massbar.org/cle/cle-programs?k=4265&kp=4260. At this event, attendees will engage with esteemed faculty members who will provide substantive knowledge and updates on data breach class actions, the Gobeille v. Liberty Mut. Ins. Co decision and its implications for state data repositories, telemedicine challenges and opportunities, and patient monitors – apps, wearables, and the regulatory landscape. Attendees may also select from other tracks – Hot Healthcare Topics and Health Policy Matters. As Chairperson of the MBA Health Law Section Council, I personally invite you to join your colleagues and other healthcare leaders throughout the Commonwealth for this innovative and insightful event. We look forward to your attendance and welcome your participation.
Lorianne M. Sainsbury-Wong | MBA Health Law Council Section, Chair
Litigation Director & Compliance Atty.
One Federal Street
Boston, MA 02110