Patient care will always be priority No. 1 for healthcare facilities. But these days that care extends beyond merely ensuring physical health to include the need to protect patient health information (PHI). Just as their physical bodies are subject to dangerous infections, the theft or misuse of personal information puts patients at risk in a day where that information in the wrong hands can be hazardous.
The protection of a patient’s right to privacy was a driver in the adoption of the Health Insurance Portability and Accountability Act (HIPAA) and subsequently the Health Information Technology for Economic and Clinical Health (HITECH) Act. Under the associated guidelines and rules, facilities were required to notify patients of these breaches, specifically when a breach occurred that was likely to pose a real risk to the individual. And for years now, compliance with the HIPAA Privacy, Security and Enforcement Rules has been a primary motivating factor in healthcare security practices.