Orthopedics This Week | February 14, 2017 - Page 6
ORTHOPEDICS THIS WEEK VOLUME 13 , ISSUE 5 | FEBRUARY 14 , 2017 6
Anyone who ’ s completed a medical form knows exactly how sensitive that information can be . Simultaneously , healthcare organizations are lagging other industries when it comes to transitioning to digital records — and they ’ re being pressured into transitioning faster . Electronic health records ( EHRs ) are challenging because they must still apply by HIPAA ( Healthcare Insurance Portability and Accountability Act ) laws . EHRs can update patient records in real-time and are instantly available to authorized users , maximizing convenience . However , EHRs , like any digital record , may also be hacked by unauthorized users . In some regards , EHRs are easier to steal than hard copy medical records .
According to the HealthIT . gov website , today ’ s EHRs might “ contain a patient ’ s medical history , diagnoses , medications , treatment plans , immunization dates , allergies , radiology images , and laboratory and test results .” It ’ s illegal under the Americans with Disabilities
Act ( ADA ) for a prospective employer to ask about a candidate ’ s health records , including HIV status , or disability before a job offer . However , with health records stolen and sold on the dark web , it ’ s feasible for anyone ( potential employer included ) to discover a victim ’ s diagnosis and health status .
By the Numbers
The HHS Office for Civil Rights lists almost 300 medical data breaches impacting over 500 people in 2016 . Grimberg says these kinds of breaches are a challenge because “ It ’ s very different than 20 , 30 years ago , when you had very clear footprints and fingerprints all over the criminal activity . Now it ’ s very easy to mask your criminal activity on the internet .”
Still , most websites tout incredible vulnerabilities . The 2016 WhiteHat Security “ Website Security Statistics Report ” notes that 86 % of all websites have at least one “ serious vulnerability .” In the healthcare industry , WhiteHat estimates that 47 % of sites are “ always vulnerable ” and just 10 % are “ rarely vulnerable 30 days or less per year .” While average vulnerabilities range widely per industry ( the lowest is manufacturing at five vulnerabilities on average per site , while IT is the highest at 32 vulnerabilities on average per site ), WhiteHat ’ s report specifically states , “ Regulated industries , such as financial services and healthcare , are not performing significantly better or worse than the rest .” On average , White- Hat estimates healthcare sites have five serious vulnerabilities per site and 12 general vulnerabilities per site .
The length of time vulnerabilities stay on a site also varies by industry . Information technology has the most at 875 days per average , but healthcare averages 406 days — that ’ s well over a year that each vulnerability stays on sites . Healthcare industries also average remediation rates below 50 % according to WhiteHat . Still , that ’ s an improve-