Healthcare // Security & Privacy
09:06 AM
Core System Testing: How to Achieve Success
Oct 06, 2016
Property and Casualty Insurers have been investing in modernizing their core systems to provide fl ...Read More>>

Obamacare Vs. Patient Data Security: Ponemon Research

Healthcare professionals worry that healthcare regulations mandating patient data exchange are luring more data thieves, says Ponemon study.

Comment  | 
Print  | 
Oldest First  |  Newest First  |  Threaded View
David F. Carr
David F. Carr,
User Rank: Author
3/13/2014 | 9:51:45 AM
What's the Obamacare connection?
Is the study saying that the health insurance exchanges in particular pose a cybersecurity hazard? I get that theft of a health insurance ID number is particularly valuable to the thief, but I'm not sure the insurance number is ever issued through that service. More likely that insurance numbers would be associated with patient records in a hospital or provider system that was breached.

Are there other provisions of Obamacare, besides the creation of the exchanges that encourage/require sharing of health information in some risky way? I associate most of the stuff about health insurance exchange more with the Meaningful Use program.
User Rank: Author
3/13/2014 | 5:31:02 PM
Re: What's the Obamacare connection?
The study is a result of a poll so it's perception, not necessarily reality, that ACA puts patient data at risk. Some reasons: Pure and simple, more people sending health-related information to central locations, and the sheer volume of health data being exchanged by private and government agencies. Even though there were some downward shifts in breaches, there isn't much to celebrate and the industry has to do more. Healthcare security execs predict a Target-like breach for this business; with sites like, cybercriminals have one more very attractive target in their sights.
User Rank: Ninja
3/15/2014 | 10:03:15 AM
All depends on implementation
Germany has EHRs for almost two decades and there is no known data breach so far. It all comes down to implementation and maybe not always going with the cheapest solution possible.
User Rank: Author
3/17/2014 | 9:50:33 AM
Re: All depends on implementation
That's interesting, @moarsauce. For one thing, it shows just how far behind the US has been in terms of adopting technology within healtcare. For another, it demonstrates how secure these systems can be, when implemented well. One thing I wonder, though: What disclosure laws does Germany have if a healthcare provider's data is breached? Does an organization have to notify patients, partners, etc., if data's potentially been lost or stolen and what are the criteria (for example, after 500 records are affected; within 30 days...)? 
Healthcare Data Breaches Cost More Than You Think
Healthcare Data Breaches Cost More Than You Think
Healthcare providers just don't get it. They refuse to see the need to fully secure their protected health information from unauthorized users -- and from authorized users who abuse their access privileges. As a result, they don't allocate enough budgetary resources for securing medical data.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.