The health care system needs to collect information from patients, providers, and others in order to function. This information is frequently of a sensitive nature, so sufficient security precautions must be taken to safeguard the information and comply with government regulations. For example, such systems must comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as well as the Health Information Technology for Economic and Clinical Health Act, enacted under Title XIII of the American Recovery and Reinvestment Act of 2009 (“HITECH”).
However, security often must be balanced against accessibility. Very secure processes for collecting healthcare information may be inconvenient to patients or caregivers, and sufficiently onerous processes might be an obstacle to actually collecting healthcare information. Alternatively, such processes might be bypassed or worked around if the capability exists to do so, negating much of their security value.