sharing records electronically. In 2012, 58 percent
of U.S. hospitals exchanged data with other
providers, according to the U.S. Department of
Health and Human Services (HHS), which said
that exchanges have been growing.
At the same time, providers face increased
scrutiny from regulators hunting for violations
of privacy laws, including the Health Insurance
Portability and Accountability Act, or HIPAA.
HITECH also contains provisions protecting
Evidence of aggressive enforcement is seen
Federal law is prodding doctors, hospitals and
other health care providers to digitize and share
patient records. Stiff penalties await them if they
fail to keep the data safe.
The competing demands — to open up yet lock
down patient records — illustrate one of the chief
cyber risks in health care. A spike in reported
data breaches indicates the industry still has work
to do. Roughly 6.4 million records were exposed
in 2012, up from 500,000 in 2011, according to
NetDiligence, a cyber security company that based
its findings on claims data.
As providers increasingly rely on wireless
and networked devices, they are creating
more windows that hackers could smash open,
according to insurance executives and privacy
experts. The new technology also fuels the risk of
disruptions in care, the main business of hospitals
and other providers.
Look around a hospital, said Bob Parisi,
national practice leader for Network and Privacy
Risk at brokerage firm Marsh. “All you see are
these incredibly complex and sophisticated
machines. All of that data, while it may not be
connected to the Web, it’s all basically software-
and computer-controlled,” he said. “While the
advancements are wonderful, and in many
cases truly miraculous, there is a technological
Such vulnerability presents a security burden
complicated by the push to have providers
exchange patient data more easily.
Under the Health Information Technology for
Economic and Clinical Health Act, or HITECH,
providers are earning millions of dollars in
reimbursement from Medicare and Medicaid
Health care providers are under pressure to share data electronically.
At the same time, liability exposures from patient data breaches are
on the rise, leaving the industry in a tricky position.
BY JOEL BERG
RISK & INSURANCE®
IN-DEPTH: HEALTH CARE CYBER RISK OCTOBER 1, 2013
The Privacy Pinch
• The health care industry is facing competing
pressures to protect patient information as well as to
• New laws assume every questionable event is
a reportable privacy breach, unless a provider can
• Data stored on medical devices and equipment
presents additional risks.
MEDICAL DEVICES have patient health and financial data stored on them, adding to cyber exposures in the health care industry.