Look around your doctor’s office, and ask yourself who among these people is protecting your private data. Is it:
- A) The doctor? I hope not! I hope my doctor spends all of her time learning to be the best doctor possible.
- B) The underpaid front desk clerk who just last week took a computer training course to get this job?
- C) The overworked PA or nurse who performs the bulk of routine care? Does he have time to look after your privacy?
The answer is:
- D) None of the Above.
Who is responsible for protecting my data?
The people responsible for your privacy are the ones you do not see because they are not there. Information security is a specific field of knowledge and skills that requires training and constant practice for proficiency. Have a look here at sample exam topics for a basic certification. You don’t have time to learn all of this. Nor do you have the inclination, and neither do the people who practice and support medicine.
Privacy is expensive!
The bigger problem, though, is that most practices are not aware of the gap between what they know and what the law requires. So they are not budgeting for or hiring people with the knowledge to perform a security risk analysis, educate the staff, and secure the technical infrastructure such as computers, networks, and mobile phones; nor are they budgeting for:
- Ongoing training on privacy issues
- Ongoing maintenance of policies
- Ongoing maintenance of IT
- Monitoring for compliance and breaches
This assumes private practices have the funds for such hires and the time to supervise them. Most likely do not, and so we will see many more stories like this. As the market becomes aware of these issues through fines and negative publicity, we may see smaller practices decline as they roll up into hospitals or corporations in order to defray the costs of compliance.