About the same time personal computers became ubiquitous, the medical industry began to formalize talks and discuss the importance, in fact the necessity, of medical record sharing. Recognizing that the most effective sharing process would be computerizing or digitizing those records, the focus was on sharing patient information, not only to replace paper systems with expensive computers to maintain the status quo, but to make a step-function change in healthcare providing a more comprehensive medical record for patients - enabling more informed, wholistic, efficient and competent care by clinicians. While it was years later that the Health Insurance Portability and Accountability Act (HIPAA) was enacted, recognition of the need to select health information technology partners to assist in improving healthcare data security and preventing a healthcare data breach was top-of-mind years before to the more progressive healthcare entities. More about this later…
How Digital Medical Records Spurred Early Interest in Health Data Security
Perhaps because of, or as least in part driven by our collective experience and knowledge of the AIDS virus that was news around the country in the 1980s, the early interest in digital medical records was accompanied by a concern about the security and privacy of personal healthcare data. Perhaps you recall, 27 years ago Earvin (Magic) Johnson retired from basketball the first time when he announced he had the AIDS virus. When he came back to the league, his health status, which was private until the day of his press conference announcing he had HIV, incited many conversations and awakened many fears as those that would play basketball with him were suddenly concerned that they too might contract the disease from a cut or injury inflicted during the game. I know for a fact, whether in the locker room, around the water cooler, or the dinner table, the topic got a lot of people talking, AND thinking.
With this societal knowledge and history as a backdrop, in hindsight, it’s easy to see that it is not by accident, that these two initiatives, medical record sharing and health information privacy had to go hand-in-hand. At the very moment that Magic shared his truth, people across the country had a better understanding of the importance and significance of health or medical record privacy.
Health Data Security is Still Job One
The HIV/AIDS stories in the news, especially those related to a cultural icon, for many formed a tipping point, to use a Malcolm Gladwell phrase. Despite all the public health warnings about AIDS and HIV and knowing your status, if you had not understood the importance and value of privacy related to personal health information before Magic’s revelation, it would be hard not to understand its significance after that press announcement November 7, 1986. This is not to say that the only event to drive home the importance of medical record privacy was about a NBA player, but I am certain that it brought the issue home for many and is illustrative of how one’s health status might change how people see you. In this larger-than-life story, Magic Johnson chose to share his medical situation; most people do not.
Fast forward to today, Aetna Insurance is still reeling from the incident last August when the HIV status of thousands of their members was accidentally leaked through the mail. And most, but not all people are still highly concerned with who knows what about their mental health status. While the stigma is slowly falling away, thanks in part to advocacy and more insight on the risks and consequences of non-treatment, many more people are willing to seek resources to care for mental illness and depression. However, confidentiality and healthcare data security are still paramount, most people value the privacy of their medical records almost as much they value their social security and credit card numbers.
Is Your Health IT Vendor HITRUST Certified?
If you believe as I do that privacy is important and personal medical record privacy is imperative, what are you doing to make sure the personal health information you possess for your patients and members on your network is secure? Have you done all you can to insure your internal systems are secure? Are the vendors you work with taking the utmost precaution to secure and protect the information you share with them? If your answer is that you have a plan in place, and the personnel systems and resources to ensure security, good for you. If not, there are resources available to you.
eQHealth Solutions is HITRUST certified, meaning that we have met industry-defined requirements and appropriately manage risk. The HITRUST Common Security Framework (CSF) certification provides a comprehensive and flexible framework that addresses the requirements of numerous governing entities including federal and state regulations, standards and frameworks, and incorporates a risk-based approach to managing digital security for personal health information that is created, accessed, stored or exchanged. The framework unifies the requirements of existing standards and regulations including HIPAA, HITECH, PCI and COBIT. HITRUST CSF certified status places eQHealth Solutions in a small, elite group of organizations worldwide that have earned this certification.
If you have questions or concerns about your organization and need a partner that can help you assess where your organization’s security policy and practice has gaps or if you need assistance in developing, accessing, and exchanging personal health information in a secure online platform, learn more about HITRUST certification. eQHealth can help.