Data Security Stressing Health Care Counsel
When thieves stole a laptop from a medical worker's car, who knew that it would become a big stressor for general counsel across the country?
According to a national survey of health care attorneys, more than 75 percent of the general counsel say that data security is the issue they worry about the most. The $5.5 million penalty against an Illinois-based health care group must have still been on their minds.
Advocate Health Care System agreed last August to pay $5.5 million to federal regulators for computer thefts from a doctors' office and a staff member's car. The group was also penalized for failing to protect records that somebody hacked at a company handling the hospital's billing.
In an age when cyber-insecurity has spread like a disease, health care providers have it bad. Because of heightened privacy requirements in the industry, their lawyers are on the forefront of the problem.
The Health Insurance Portability and Accountability Act, which mandates data privacy and safeguards for medical information, has been a concern for general counsel since it was enacted more than 20 years ago. But as cybersecurity threats and enforcement actions have multiplied, they are really feeling it.
The general counsel survey -- Consero Group's 2017 Healthcare General Counsel report -- shows that health care lawyers are having a hard time managing. Norton Healthcare general counsel Robert Azar, reflecting on the findings, said hospitals have little control over other people.
"It's just daunting," he said in a National Law Journal article. One big fear, he said, is "patients and their families walking through the hospital taking cellphone pictures and posting and texting. I mean, how do you control that?"
Medical personal, likewise, can potentially text confidential information on their phones. He said even doctors, who have staff privileges but are not system employees, present difficulties with their mobile devices.
"The ability to control those is fairly limited," he said. "It's created a situation where most people feel it's inevitable that something bad is going to happen."
- Managing Cybersecurity Risk in a HIPAA-Compliant World (Coalfire Systems)
- Are There Legal Issues With Tracking Ex-Employees' Social Media? (FindLaw's In House)
- Don't Let Your Company's Social Media Team Get You Sued (FindLaw's In House)