Breaches rose by 10 percent in the first half of this year versus last year’s numbers.
The United States is home to about 320 million people, which may sound like a high number — until you hear that nearly 246 million records were compromised in the first half of this year. That staggering number came as the result of 88 data breaches in early 2015, most of which occurred in the healthcare field, said digital security company Gemalto in its report, “2015: First Half Review — Findings from the Breach Level Index.”
Among the many breaches was the hack into Anthem Insurance’s servers, which compromised 78.8 million records that included protected health information. Because the Anthem breach was so massive, the leading source of data breaches in the first half of this year was malicious outsiders, which remains a growing threat, Gemalto said in its report.
Some 22 percent of breaches were attributed to accidental loss — a commonly seen problem among home care and hospice providers. This could include misplacing a laptop with medical records on it, losing an external hard drive that contains patient Social Security numbers or losing track of a box of papers with patient names on it.
“It’s apparent that a new approach to data security is needed if organizations are to stay ahead of the attackers and more effectively protect their intellectual property, data, customer information, employees and their bottom lines against data breaches in the future,” the report notes.
Prevent Stolen Laptops From Becoming HIPAA Violations
Many providers fall victim to HIPAA violations due to keeping unencrypted PHI on portable devices. “Encryption is an algorithmic process that scrambles the drive and scrambles electronic data that is being transmitted,” says Paul Hales, a healthcare attorney in St. Louis, Mo. “You need the key in order to unscramble it.”
Breach protection: “If you have a laptop that’s encrypted in a way that meets the federal standard and it’s stolen and it contains the PHI of 50,000 patients, that’s not a breach because the encryption makes it impossible to read the information,” Hales emphasizes. Encryption is very inexpensive and simple to do, so providers that don’t take advantage of that feature could be putting themselves at risk of a breach.
Other, less obvious issues could lead to a breach as well. For instance, if you hire a marketing company to create a website for you, chances are that you’re going to include patient testimonials on it. “But what many people don’t realize is that the patient must execute a HIPAA-compliant authorization for that testimonial,” Hales says.
Think ahead: In addition to your standard HIPAA lingo, you should create additional authorization forms such as those for patient testimonials to put on your website or on social media like your Facebook page. You might also need authorization forms for unexpected reasons. For example, if a patient is in a car accident and there’s a lawsuit involved, you must have an authorization to release the information to the lawyer, Hales says.
Note: Gemalto’s report is at www.gemalto.com/brochures-site/download-site/Documents/Gemalto_H1_2015_BLI_Report.pdf.