HIPAA Headaches: What Happens When Patient Data is Compromised
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is legislation that outlines how health records must be protected and secured. However, in today’s technologically advanced world, data breaches are occurring at an alarming rate, and some of those breaches have compromised health records. Healthcare providers must understand how dangerous medical record breaches can be and what to do if they believe their data has been compromised.
Incidences of Medical Record Data Breaches
Over the past few years, 89 percent of healthcare organizations experienced a security breach. One reason hackers are particularly interested in health records is that they contain information that can lead to identity theft, such as Social Security numbers, home addresses and even the names of family members, which are often used as security questions. It is expected that more than 25 million people will have their medical information stolen between 2015 and 2019. Breaches occur in many different ways. Some of the most common reasons for a breach in health records include:
- A healthcare employee uses an unsecured cloud-based app to access protected health information
- Excel spreadsheets with patient information copied and stolen
- Missing backup disks from an unlocked storage facility
- A weak password leads to a server breach
- Doctors or administrators provide staff with usernames and passwords, giving an employee unauthorized access to data
- The hacking of a server leading to the misappropriation of patient information
Healthcare Provider Responsibility Under HIPAA
All medical professionals, including doctors, nursing professionals, and technicians, are required to safeguard patient records as much as possible. The 2009 stimulus act required that a breach that affects 500 or more patients must be reported to the Department of Health and Human Services as well as the media. One way that healthcare providers could provide added protection is to encrypt data, something that financial organizations have done for years but that healthcare providers have been slow to adopt. Other ways that medical records can be protected are improved cloud storage and stricter password rules.
One measure the government is looking into to stop the rise in medical record breaches is an increase in fines against healthcare providers when data is breached. In many cases, the breaches occur due to lax security at the healthcare location. More than 40 percent involved portable devices like laptops or USB hard drives, while a large number of other breaches occurred due to easily hacked passwords. Since the enactment of HIPAA, there have been more than 22,000 complaints about violations of privacy in medical records, but only one fine has been issued since 2003.
It is critical that healthcare providers take as many steps as possible to protect the records of the patients they care for, and there are steps that can be taken to that end. Encryption, stronger password requirements and secure cloud storage are three of the best ways you can keep your patients’ health records safe. Hopefully, the above information will help you, as a professional, to better secure your patients’ data.
Hannah Whittenly is a freelance writer and mother of two from Sacramento, CA. She enjoys kayaking and reading books by the lake.