An annual study by the internet security firm White Hat Security found that the average website had 230 "serious vulnerabilities"—those that could lead to breach or data loss—in 2010. The good news is that healthcare websites were among the most secure, with an average of 35 serious vulnerabilities in 2010, edging out even banking and financial services sites.
The bad news? It doesn't matter how many or how few times a healthcare organization's data is breached or even if it is only potentially breached. In the healthcare industry, it takes just one event—a lost laptop, a misfired e-mail, or a website that leaks sensitive, user-specific data—to make headlines.
Healthcare leaders are rightly concerned about it. In the 2011 HealthLeaders Media annual industry survey, we asked technology leaders to rank their top three concerns about electronic medical records and/or patient portals: privacy and security was the number one ranked choice.
(On a side note, tech leaders were less concerned about data security in health information exchanges—only six percent said it was the biggest roadblock to HIEs. Respondents could only choose a single answer to this question, however; funding, interoperability, and lack of standards were cited as more pressing and immediate concerns.)
Data privacy and security was—as always—a hot topic at this year's HIMSS conference. Amidst the usual debates about voluntary social security identifiers and tech-talk about algorithms, one voice suggested a low-tech way of countering some of those headlines.
There will never be support for better access to electronic health data without a consumer voice to drive it—but they need motivation to speak up, says Matthew Bates, Sr. VP of Innovation at Thomson Reuters—one of the many industry folks I talked to in Orlando last month.
"The only consumer voices we're really seeing consistently right now are the ones saying 'Hey, I don't really want a giant database controlled by the feds with all my info in it,'" he says.
Stories in the media about the exchange of healthcare information are dominated by data breaches and medical errors. Those stories are tragic, he says, but they're just one side of the story.
One way to counter that negative press is to publicize some of the positive stories about how health information data can improve care, prevent errors, and save lives, he says.
There are stories of patients and docs who have had some great experiences because of interoperability—and healthcare leaders should make sure that patient-consumers hear them, Bates says. He suggests the government sponsor public service announcements on the topic. That celebrities share testimonials. The more stories patient-consumers hear about the power of medical information to impact outcomes, he says, the more they'll demand that the information be shared.
"I think there are some heartfelt stories out there."