Mark Starry's Blog

The Importance of Securing Protected Health Information (PHI) February 16, 2011

How many times have you received a notice from your bank or financial institution that your credit/debit card may have been compromised and your card has been re-issued with a new number and expiration date? This has happened to me on several occasions. The fact that I’m not responsible for charges to the card or even the cost of replacing it is somewhat disturbing, yet convenient. The bank just changes the numbers on my card. Financial institutions see this as a cost of doing business and pass the cost to the consumer through higher interest rates and fees.

Things are a bit different in the world of health care. I have a blood type. I have allergies to certain medications. I might be in a treatment program for a certain type of disease. If PHI is compromised my physician cannot re-issue me a new blood type. They cannot change my allergic reaction to certain medications. More importantly, they cannot roll back the clock to a time when I did not have a disease and/or problem list. Once my PHI is compromised the genie is out of the bottle never to return. There is no re-issuance. There is no second chance.

As healthcare organizations rush to the digital world to get financial incentives from the HITECH act, they should not ignore the responsibility to protect the patient’s right to privacy. With solid investments in information security and privacy programs, health care organizations can have one’s cake and eat it too.