Common means of data breaches in healthcare industry
Today, healthcare fraud is a multi-billion dollar industry. Recent surveys by two independent
organizations further corroborate this fact. In its second annual Patient Privacy and Data Security
benchmark survey, Ponemon Institute found that healthcare data breaches are on the rise despite
compliance with HIPAA and the HITECH Act, eroding patient privacy, contributing to medical identity theft
and costing the healthcare industry billion annually. Even with increased compliance with HIPAA and
HITECH acts, the data breaches are showing an upward trend.
Another survey by a nonprofit consumer protection organization also points fingers at the sloppy handling
of the Patient Health Information (PHI) in the healthcare industry. According to the study conducted by
the Privacy Rights Clearinghouse (PRC), of the six most shocking incidents of data breaches, three of
them belong to the healthcare industry. Let's look at some of the common ways in which data breaches
happen in the healthcare industry.
Employee Negligence
Negligence on the part of employees is the most important cause of the rise in data breaches. Most
employees are not even aware of the need to protect patients' health information. Hence, they handle
sensitive patient information sloppily and carelessly, resulting in the loss of billing records and
medical files. For instance, a hospital in California recently compromised the health information of 4.2 million
patients due to employee negligence. The hospital authorities kept the computer containing unencrypted
PHI at an unsecured location.
Mobile Devices
Hospital authorities largely depend on mobile devices to collect, store and exchange health information.
The greatest drawback of using mobile devices is that they are unprotected.
Lost or Stolen Computing Devices
Lost or stolen computing devices are another cause of the growing incidence of data breaches in the
healthcare industry. As mentioned above, due to security lapses on the part of employees and
authorities, computing devices containing sensitive patient health information are either lost or stolen.
Third Party SNAFU
Another important reason for data breaches is lapses on the part of third parties, namely the business
associates (BAs). In most cases, there is no BA agreement in place, which leads to a lack of
commitment on the part of the BAs in enforcing security procedures.
Hence, what is required is strict compliance with HIPAA/HITECH laws, training staff and employees
on policies and guidelines, encrypting PHI, and so on. These methods can prevent data breaches to a
great extent.