Prevention is the key to success as health data breaches top 800
Earlier in the month we revealed the 5 biggest HIPAA breaches of 2013, including the second largest breach of all time, by Advocate Medical Group, affecting over 4 million individuals. In another blow to the healthcare industry, the Health and Human Services (HHS) site has added over 70 breaches since last month, bringing the tally to over 800 incidents in which protected health information (PHI) has been put at risk.
The rise in breaches affecting 500 individuals or more has stemmed from recent maintenance updates to the HHS Breach Notification Tool, with further fluctuations expected in the coming months, including breaches from as far back as 2012.
Illustrating the extent of these breaches is a 2012 study on patient privacy and data security undertaken by the Ponemon Institute. Out of 80 participating organizations, 94 percent had had at least one data breach in the past two years that they were aware of. However, over half of all participants expressed that it was likely that they would be able to detect such breaches at all. Overall, the study determined that the data breaches were costing these health organizations nearly $7 billion annually.
The updated HHS ‘wall of shame’ now lists 804 breaches that have taken place since 2009, following the implementation of the HIPAA Privacy and Security rule. With over 29.3 million individuals now affected by the recorded breaches to date, the security of PHI will be of greater concern and will be more closely monitored to help prevent the exposure of data moving forwards.
Into 2014, healthcare professionals and organizations alike will therefore need to take additional care with individuals’ PHI following updates to HIPAA. Last year presented significant changes to the security of data and technology in the health industry with the introduction of the HIPAA Omnibus Rule; in particular, it is now essential to ensure you have a Business Associate Agreement (BAA) with a HIPAA compliant Business Associate (BA), i.e. any organization or entity that routinely provides access to or dissemination of PHI – including cloud fax providers.
Fortifying protection procedures and maximising patients’ rights to their PHI, the evolution of HIPAA is set to place security at the forefront of both consumers’ and healthcare providers’ minds. For the year ahead, prevention is unquestionably the key to success.
If you haven’t already, undertake a risk assessment to fully understand where threats lie and take preventative measures to protect individuals’ information. Invest in BAs who can guarantee HIPAA compliance, such as Sfax. By employing unique user identification and verification; SSL protocol with 2048-bit RSA encryption; secure document exchange with end-to-end 256-bit AES digital encryption; audit control; a backup of all network activity; and more, the protection of data – including PHI – is assured.