Healthcare organizations spend and worry more about litigation and regulations than their counterparts in many other industries, study finds. Specialized software helps.
firms said they encountered issues with privacy or protection during a dispute or investigation in 2013.
In 2013, for example, pharmaceutical companies battled generic drug makers in the Supreme Court, and the DoJ filed suit against Novartis Pharmaceuticals. More than 7 million patient records were breached in 2013 alone, according to Redspin, leading to HIPAA breaches and subsequent investigations and penalties. When the federal government gets large settlements or continued monitoring agreements, its coffers swell, said Yvonne Puig, US Head of Life Sciences and Healthcare at Norton Rose Fulbright, in an interview.
"This has led to lots of money coming into enforcement at both the federal and state level. With increased enforcement, a general counsel will decide to hire outside counsel, such as ours, and use inside counsel to look at internal compliance programs," she said. "They read about internal enforcement and want to get on top of the trend. As a result, you see a spike in enforcement."
To handle this increased volume, 47% of healthcare organizations surveyed employ more than five full-time lawyers. Despite this, 60% used external counsel to complement their internal resources or -- in 19% of cases -- to conduct six or more internal investigations, according to Norton Rose Fulbright.
Technology is both blessing and curse for healthcare providers.
"We see our life sciences and healthcare clients in particular looking at the special challenges of storage with cloud computing," Puig told us. "As a healthcare company looking for places for storage it is extremely important to consult your in-house and external counsel to ensure compliance. Social media has created special and unique regulatory and compliance and litigation concerns."
That does not mean, however, that healthcare clients should shun cloud and social media. Rather, they should appropriately measure and manage risk, said Puiz.
"If you have to go to a place that has no risk, you can't be competitive. You can't stand still. We must keep pace and be ahead of the technologies that serve our industry."
The first step in addressing a regulatory or legal issue is organization, said CynergisTek's McMillan. That means ensuring that software tracks users' electronic footprints, scrutinizing cloud providers' service-level agreements, and making sure an organization adheres to security and storage best-practices, he said. Adding software that makes it easy to find the information that attorneys -- or subpoenas -- require speeds up the process, which often benefits the healthcare organization, McMillan noted.
"Half of beating a lawsuit or ending up with a better result is being prepared for the allegations or being able to refute them," said McMillan. "Most organizations can't respond or they don't respond to the right thing or in an effective manner. Then the lawyers have a field day."
Download Healthcare IT In The Obamacare Era, the InformationWeek Healthcare digital issue on changes driven by regulation. Modern technology created the opportunity to restructure the healthcare industry around accountable care organizations, but ACOs also put new demands on IT.
Alison Diana has written about technology and business for more than 20 years. She was editor, contributors, at Internet Evolution; editor-in-chief of 21st Century IT; and managing editor, sections, at CRN. She has also written for eWeek, Baseline Magazine, Redmond Channel ... View Full Bio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!