Common Means of Data Breaches in Healthcare Industry

Today healthcare fraud is a multi-billion dollar industry. The recent surveys by two independent organizations further corroborate this fact. In its second annual Patient Privacy and Data Security benchmark survey, Ponemon Institute found that healthcare data breaches are on the rise despite compliance with HIPAA and the HITECH Act, eroding patient privacy, contributing to medical identity theft and costing the healthcare industry billion annually. Even with increased compliance with HIPAA and HITECH acts, the data breaches are showing an upward trend.


Another survey by a nonprofit consumer protection organization also points fingers at the sloppy handling of the Patient Health Information (PHI) in the healthcare industry.  According to the study conducted by the Privacy Rights Clearinghouse (PRC), of the six most shocking incidents of data breaches, three of them belong to the healthcare industry. Let’ look at some of the common ways by which data breaches happen in healthcare industry.


Employee Negligence

Negligence on the part of employees is the most important cause for the rise in data breaches. Most of them are not even aware of the need for protecting the health information of patients. Hence, they handle sensitive information of the patients sloppily and carelessly resulting in the loss of billing records and medical files.  For instance, recently a hospital in California compromised health information of 4.2 million patients due to employee negligence. The hospital authorities kept the computer containing unencrypted PHI at an unsecure location.


Mobile Devices

Hospital authorities largely depend on mobile devices to collect, store and exchange health information. The greatest drawback of using mobile devices is that these are unprotected.


Lost or Stolen Computing Devices

Lost or stolen computing devices are another cause of growing incidence of data breaches in the healthcare industry. As mentioned above, due to security lapses on the part of the employees and authorities, computing devices containing sensitive health information of patients are either lost or stolen.


Third Party SNAFU

Another important reason for data breaches is lapses on the part of the third parties namely the business associates (BAs). In most cases, there is no BA agreement in place thereby leading to lack of commitment on the part of the BAs in enforcing security procedures.


Hence, what is required is a strict compliance with HIPAA/HITECH laws, training staff and employees about policies and guidelines, encrypting PHI, and so on. These methods can prevent data breaches to a great extent.

Processing your request, Please wait....

Leave a Reply