In 2013 alone, more than 875,000 healthcare records were exposed due to compliance breaches. Since the HIPAA Omnibus rule went into effect in September of 2013, there is now a potential liability of $1.5 million per breach. Think about that for a moment. What would be the effect of even one data breach, and the associated $1.5 million liability, on your organization? What if there were 10 data breaches?
The damage would be devastating, to say the least.
According to the 2013 Identity Theft Resource Center Data Breach Report, about 43% of all reported identity thefts in the U.S. in 2013 were medical-related.
More often than not, data breaches by employees are unintentional. An employee downloads patient data to a mobile device—with the intent of using it to help a patient—and then accidentally takes it home. Or, an employee accidentally sends the data to someone not authorized to see it. In each instance the breach came from an innocent place, but the effect is not harmless.
James Bindseil of securityinfowatch.com believes that the root of the problem lies in healthcare IT departments that make it impossibly difficult to deliver competent, efficient patient care within the boundaries of compliance. Bindseil likens IT policies to roadblocks: they either stop patient care in its tracks or force healthcare professionals to find another, non-compliant method around them. He asks this question of facilities: “Has your IT staff created an environment that caters to information security, compliance, and patient care?”
Add into the mix the fact that data security from an IT standpoint is a moving target. Threats to data security constantly change, and therefore so must the solutions to them. From the IT perspective, security measures must be constantly tested, evaluated and upgraded.
With health information data breaches expected to skyrocket in 2014, according to Experian’s 2014 Data Breach Industry Forecast, use these tips when evaluating how employees handle data security:

Conduct a HIPAA security audit at least annually: Erin McCann of Healthcare IT News makes the point that HIPAA requires annual security audits. More importantly, though, they can help prevent costly data breaches. Update your facility’s policies based on what you learn from the risk analyses.
Encrypt data on portable devices: Portable devices are becoming increasingly prevalent in the treatment of patients. These mobile devices increase efficiency, but add another level of difficulty to IT’s job. One simple solution is encrypting data on these mobile devices, a happy marriage between compliance and patient care.
Train your workforce: Bindseil points out the importance of training employees on the facility’s policies as well as regulatory requirements.
Provide the right tools: According to Bindseil, IT needs to work closely with healthcare providers in order to develop the tools “most appropriate for their day-to-day circumstances, and develop safeguard policies to protect patient data.” This will keep providers from relying on outdated, unsecured tools.

In April 2010, a single copy machine containing patient data was compromised, and the effect was devastating. $1.2 million of devastation, in fact. That solitary incident exposed more than 340,000 patient records, and is just one example of how a single data breach can have a far-reaching impact. The biggest issue is that data is everywhere and in more machines and forms than ever before. Yes, keeping all of that information secure is an uphill battle, but facilities must use every resource at their disposal to combat breaches.
Data security is the responsibility of every employee and every commercial visitor. Communicating the importance of this issue, providing HIPAA training, and ensuring that every employee knows what they need to do to secure patients’ healthcare data is a large part of the solution to this industry-wide problem.