HIPAA data breaches in the first half of 2015 (January to June) – an in-depth analysis

According to the United States Office of Civil Rights, health care providers reported 139 HIPAA data breaches in the first half of 2015. While this might seem like a low number of incidents, it’s important to point out that, legally, only HIPAA data breaches that affect 500 or more individuals are required to be reported, so the figure understates the true count.

The stringent requirements that the 1996 Health Insurance Portability and Accountability Act (HIPAA) places on healthcare providers make compliance challenging. The benefits of compliance, however, make it easier to provide individuals with coverage while securing confidential healthcare information and keeping administrative costs in balance. The cost of not maintaining HIPAA compliant software development practices can be crippling.

The magnitude of 2015’s HIPAA data breaches

While the number of HIPAA data breaches might seem low, the number of individuals affected is staggering. Of the 139 incidents and the 94 million plus individuals impacted, more than 98% of those victimized were affected by only five incidents. These five incidents, the result of hacking or of failures to maintain proper standards of HIPAA compliant technology practices on the network server side of the organizations, took place at Anthem, Inc., Premera Blue Cross, CareFirst BlueCross BlueShield, the Virginia Department of Medical Assistance Services, and the Georgia Department of Community Health. Combined, the incidents at these five organizations led to 92 million individuals’ medical data being compromised.

HIPAA data breaches offer no safe harbor

Regardless of the design or intended use of your software or application, if the product allows the user to store or transmit data that is considered patient health information (PHI), then it must meet HIPAA compliance standards. In such cases, it’s vital that HIPAA compliant software development practices are in place:

Make sure user data is protected at every level of communication, internal and external.
Ensure the use of HIPAA compliant network and email servers.
Implement distinct security measures for each access level of electronic data, in the form of user authentication and passwords.
Include functionality to remotely wipe data from mobile devices in the event of loss or theft.

A partnership to ensure HIPAA compliant software development

As healthcare practitioners, you face enough challenges handling day-to-day operations and providing world-class, customer-centric healthcare delivery. You need a partner that understands HIPAA compliance and how best to position your team to create a product that is as immune as possible to HIPAA data breaches. You need a partner that understands HIPAA compliant software development and can implement these best practices in your product.

For more information on HIPAA compliance requirements for mobile applications, check out our article on developing HIPAA compliant mobile apps, or reach out for a free consultation session to explore how a partnership with Kays Harbor can protect your organization when developing a healthcare application.