Data breaches are a ubiquitous part of life, and many are not even considered “newsworthy” unless they involve tens of thousands of consumers. But for healthcare providers, attacks on ePHI (electronic Protected Health Information) and ePII (electronic Protected Identifying Information) are on the rise. Attacks take many forms, including ransomware, phishing schemes and more. In healthcare, most breaches of patient information must be reported to the US Department of Health and Human Services (HHS). HIPAA privacy enforcement is directed by HHS’s Office for Civil Rights (OCR). Breaches of the security of protected information can result in hefty fines and/or corrective action plans.
Just How High Can Settlements Be?
So far in 2016 the top settlements included:
It should be noted that these fines, and similar ones in 2015, stemmed from the failure of these organizations to correct known security problems. So, if your organization is aware of a violation or the potential for one and does not act to fix it, count on a substantial settlement or fine if you are audited.
What is a HIPAA Data Breach?
The official definition of a data breach, as written by HHS, is available online. But let’s look at what it actually means in normal everyday language rather than the legal and bureaucratic jargon of the official regulation.
A breach is an incident that endangers the security and/or privacy of the health and personal information that a health care provider or its business associate holds about patients. The three things that determine whether a breach occurred and needs to be reported are:
If a provider has a breach, not only must HHS be notified, but notifications must also be sent to the individuals whose health information was part of the breach. For some breaches, the provider may also be required to notify the media.
What Types of Data Breaches Are Reportable?
The health care industry is as tempting to cyber criminals as honey is to a bear. In 2014, hacking was the major concern of health care providers. But in 2015, lost or stolen devices moved to the top of the list, with other causes such as hacking right behind. Following are the top reasons for data breaches in the health industry in 2015.
Top Reasons for Health and Personal Information Breaches – 2015 Health Care Industry

| Type of Incident | Percentage of Reportable Incidents |
|---|---|
| Lost & Stolen Assets | 45.4 |
| Misuse of Access Privileges | 20.3 |
| Point of Sale (POS) | 3.8 |
| Payment Card Skimmers | 0.1 |
Taken together, only three of the top ten incidents account for more than 85% of all health care industry data breaches.
Are Data Breaches Preventable?
Certainly. Following are some of the ways to do this.
The Role of a Managed Services Provider (MSP) in Preventing Data Breaches
Many health care providers have begun to migrate to the cloud and are choosing vendors that can provide tightened security after the transition. With an MSP you gain advanced hardware and software solutions customized to your needs, which already come with strong security features such as firewalls and automatically updated anti-malware and antivirus software.
System updates are often neglected, especially in small offices where there is no real IT function. Companies frequently leave software unpatched when updates arrive; with an MSP, keeping systems patched is a burden that is no longer your organization’s concern.
VITECH is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (800) 536-2156 or by email for more information.