HIPAA data breaches – The year that was 2016
2015 was ‘the year of healthcare data breach’ since healthcare organizations were not fully equipped with the latest digital technologies to hold back the attacks and overhaul the processes. But, the number of breach incidents is increasing despite awareness, HIPAA regulations, guidelines and strict measures to protect patient privacy.
HIPAA breaches in 2016 just got bigger in number
The fact that the number of HIPAA breaches in 2016 increased by 20% in comparison to the one’s reported to the OCR in 2015 highlights a major concern that still looms healthcare information security. Out of the reported incidents, 16.6 million individuals had to bear the loss of healthcare data that is worth millions in the dark world!
As per the statistics published on the OCR’s “Wall of Shame”, out of the 326 incidents reported in 2016, 253 incidents were attributed to healthcare providers while 51 incidents were attributed to health plan providers. Unauthorized access, hacking/IT incidents and theft topped the list of the major reasons behind HIPAA breaches.
Amongst all, providers were the worst hit. Banner Health breach incident compromised around 3.6 million individual data followed by Newkirk Products Inc, 21st Century Oncology Holdings, Valley Anesthesiology Consultants and more. All these resulted due to Hacking/IT incidents alone.
2017 – What is in store for healthcare security?
Heavy fines and penalties to follow
As the rate of breaches is increasing, so is the pace of HIPAA audits and the aggressiveness of the OCR to enforce the regulations. Larger payouts and settlements are happening in consequence to not doing the needful steps to ensure patient data security.
According to Becker’s Hospital Review, the first seven months of 2016 marked $15 million settlement payments as recorded by the HHS including an incident where NewYork-Presbyterian Hospital was fined $2.2 million.
Although the industry is becoming more vigilant about security and the risks that involve, a more comprehensive risk assessment at every level is the need of the hour.
Adopt a patient centric approach
Every medical record is precious, not only from an organization point of view but also for a patient. With the latest technology and advancement in cyber security, effective measures to curb such breaches should be realized. Stronger PHI encryption for data transmission should be implemented. Proper stakeholder trainings and strict policies are essential to reduce the operational costs to minimize the risk of a breach.
Choose the right technology partner
Above all, your technology service provider plays a major role in planning and developing a secure HIPAA compliant architecture and a robust solution. To know more about HIPAA, read our article that decodes the HIPAA organizational safeguards and compliance rules or reach out to us at Kays Harbor and transfer the responsibility of developing a secure healthcare application for your organization.