PwC: Health industry under-prepared to protect privacy

By Mike Miliard
September 22, 2011
11:09 AM

A culture of confidentiality
PwC's research found considerable concern for the "knowledgeable insider." On average, improper use of personal health information by an internal party was the leading privacy/security issue experienced by healthcare organizations over the last two years. Because of lack of awareness or training, breaches can result easily and with greater probability from mishandling of paper documents, people talking in the elevator, or comments made via social media channels. In addition, risks of data breaches and the complexity of consent agreements rises when information is shared with business associates, the source of more than half of reported health data breaches affecting more than 11 million people since 2009.

PwC's survey found:
 

  • More than half of healthcare organizations allow access to social networking while at work; less than half have a policy covering the use of social media outside of work.
  • Less than half (37 percent) of health organizations surveyed incorporate approved uses of mobile devices and social media as part of company privacy training.
  • Only 58 percent of providers and 41 percent of health insurers say they include the appropriate use of electronic health records (EHR) as part of employee privacy training.
  • Only 36 percent of health organizations perform a pre-contract assessment of their business associates such as business partners and vendors, and just 26 percent conduct post-contract compliance assessments.

Opportunities and risks
Digitized health data is becoming one of the most highly valued assets in the health industry, and, according to PwC, all kinds of organizations are now converging around the shared use of the information to enable new care delivery models such as accountable care organizations, outcomes-based reimbursement and the advance of wellness, preventive and personalized care.

Organizations also are discovering the potential in secondary uses of the information beyond treating patients, such as in clinical studies, post-market surveillance of drugs and the development of new products and services to better understand patient health and behaviors. Yet PwC found that while many organizations are sharing information, the complexity of consent further increases and few organizations have established proper restrictions and consent agreements to control proper access. PwC's research found that:

  • Only 17 percent of providers, 19 percent of payers and 22 percent of pharmaceutical/life sciences companies have a process in place to manage patients' consent for how their information can be used.
  • Nearly three quarters (74 percent) of healthcare organizations surveyed said they already do or intend to seek secondary uses for health data; however, less than half have addressed or are in the process of addressing related privacy and security issues.
  • Sixty-one percent of pharmaceutical and life sciences companies, 40 percent of health insurers and 38 percent of providers currently share information externally. Of those organizations that share data externally, only two in five pharmaceutical and life sciences companies (43 percent) and one in four insurers (25 percent) and providers (26 percent) have identified contractual, policy or legal restrictions on how the data can be used.

A new approach
PwC's research found that the recent increase in breach enforcement actions have prompted health organizations to focus more on privacy and security, and that there is growing recognition of privacy and security compliance as central to maintaining a trusted brand.

"To protect patient trust and their own brand reputation, organizations need to go beyond minimum regulatory requirements and adopt an integrated approach that combines privacy, security and compliance within a culture where all employees see themselves as champions of confidentiality and where privacy is part of the patient experience," said Peter Harries, principal and co-leader, Health Information Privacy and Security Practice, PwC.

Organizations with integrated approaches to privacy and security say they have realized the benefits, including a significant increase in data security and a slight decrease in the number of privacy/security issues, depending on the extent of their integration. PwC found that health insurers were more likely than providers and pharmaceutical/life sciences companies to have integrated their approach to a great extent.

A full copy of PwC's report can be found here.

Topics: 
Electronic Health Records (EHR, EMR), Health Information Exchange (HIE), Privacy & Security

More regional news

Two medical researchers in a lab look at information on a laptop

New NIH tool uses genAI to connect volunteers with clinical trials

By
Andrea Fox
November 26, 2024
A pharmacist doing an inventory using a digital tablet

Singapore General Hospital developing AI to prevent antibiotic resistance

By
Adam Ang
November 25, 2024
View of Mount Sinai Health System buildings in Manhattan

Mount Sinai Health announces new Center for AI and Human Health

By
Andrea Fox
November 25, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Two medical researchers in a lab look at information on a laptop
New NIH tool uses genAI to connect volunteers with clinical trials

Most Read

GPs cry My Health Record 'overhaul' and more briefs
Sens. Warner & Wyden seek healthcare cybersecurity mandates in new bill
CIOs must understand change management theories, frameworks and practices
India-specific big cancer database goes live
Epic calls on Carequality to release Particle dispute resolution
VP candidates' EHRs may have been improperly accessed by VA employees

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

Paul Wilder at CommonWell Health Alliance_Part 2_Digital binary code with springing lock Photo by JuSun/iStock/Getty Images Plus
Notching up FHIR at scale - Part 2
Paul Wilder at CommonWell Health Alliance_Part 1_Digital binary code with springing lock Photo by JuSun/iStock/Getty Images Plus
Notching up FHIR at scale - Part 1
David Miles at Oklahoma Heart Hospital_Part 2_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
Switching from Cerner to Epic? Meet a CIO who made it out alive
David Miles at Oklahoma Heart Hospital_Part 1_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
The CIO of an all-digital hospital walks readers through its successes

More Stories

David Miles at Oklahoma Heart Hospital_Part 2_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
Switching from Cerner to Epic? Meet a CIO who made it out alive
Stethoscope on an iPad
HIMSSCast: Care provider or tool? When and why patients like AI
EHR tips on migrating an all-digital hospital to Epic
Patient in mask talking to receptionist in mask
Almost a quarter of Americans underinsured, survey finds
VA building signage
House passes veterans healthcare package without RESET Act
David Miles at Oklahoma Heart Hospital_Part 1_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
The CIO of an all-digital hospital walks readers through its successes
David Miles of Oklahoma Heart Hospital
Deep dive: A tour of all-digital Oklahoma Heart Hospital, where automation is the norm
Healthcare workers looking at X-ray images on monitors
Streamlining healthcare operations with multicloud-by-design