Survey: HealthCare.gov Increases Risks

Study Identifies Obamacare Privacy, Security Concerns
Survey: HealthCare.gov Increases Risks

Almost 70 percent of healthcare organizations participating in a new survey say that the Affordable Care Act, also known as Obamacare, increases risks to patient privacy and data security.

See Also: Netskope FERPA Mapping Guide

Survey participants also expressed some privacy and security concerns about accountable care organizations and health information exchanges.

The fourth annual Study on Patient Privacy & Data Security, conducted by the Ponemon Institute, a research organization, found that the primary concerns about the Affordable Care Act's health insurance exchanges, or marketplaces, are: insecure exchange of patient information, storing patient data on insecure databases and patient registration on insecure websites.

For its study, Ponemon conducted 388 field interviews with leaders in IT, compliance, patient services and privacy at 91 hospitals and clinics.

While there isn't exchange of patient data between healthcare providers and government agencies on the Obamacare health insurance marketplaces, there is exchange of certain data among government agencies, and with participating insurers, as part of the enrollment process for consumers. So the security concerns revealed in the survey "are perception but grounded in reality. There's more data at risk," says Larry Ponemon, chairman and founder of the Ponemon Institute.

Rick Kam, president and co-founder of security vendor ID Experts, sponsor of the study, contends: "Exchanges are a black hole. Security is still a second priority to getting [the exchanges] up and running."

Healthcare.gov Security

After it's botched launch last October, the HealthCare.gov website and systems, which facilitate 36 state insurance exchanges, faced intense public and Congressional criticism last fall, including scrutiny over data security testing and practices (see HealthCare.gov: How Secure Is It Now?).

Since the Oct. 1 launch, many of the HealthCare.gov's technical issues have been worked out. As of March 1, 4.2 million Americans have signed up for health insurance plans through the marketplaces, Department of Health and Human Services Secretary Kathleen Sebelius said in a March 11 statement. The deadline for open enrollment on the sites is March 31.

Other Risks

The Ponemon study also found security worries related to another program that's promoted under healthcare reform - accountable care organizations. New Medicare insurance reimbursement models reward ACOs, groups of providers that collaborate to offer all necessary treatment for beneficiaries, based on improving patient outcomes and cutting costs through improved care coordination. And that care coordination is often facilitated by health data exchange.

Fifty-one percent of organizations surveyed say they are part of an ACO, and two-thirds of those say the risks to patient privacy and security due to the exchange of patient health information among participants has increased.

When asked if their organization experienced changes in the number of unauthorized disclosures of protected health information, 41 percent of the ACO participants say it is too early to tell, while 23 percent say they noticed an increase.

Another area of concern is the security of local, regional or statewide health information exchanges. One-third of organizations say they do not plan to become a member of an HIE, with a primary concern being data privacy and security. Overall, 40 percent of organizations said they were not confident in the security and privacy of patient data sharing through HIEs.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.