Email is now the top source of healthcare breaches
Writing in Modern Healthcare, reporter Jessica Kim Cohen noted that since 2010, nearly 200 million people in the U.S. had their health information exposed in data breaches. And, she added, that number’s only going up.
Citing federal data, Cohen reported that in 2018 alone, 13 million people had their health data exposed in 366 breaches. That was an increase of 2% from the 359 breaches that providers, health plans and their business associates reported in 2017.
Why is email so exposed?
According to Cohen, since 2017, email has been the primary outlet through which health data is exposed. That year, there were 85 email breaches—more than double the number reported in 2016—accounting for nearly one-quarter of all healthcare breaches.
At issue is that more data is circulating electronically. Previously, most healthcare organizations and their business associates attributed breaches to the theft of paper records or laptops. Many of the email breaches are the result of phishing tactics in which hackers obtain sensitive data by posing as a trusted entity, such as the recipient’s employer.
The cost of HIPAA compliance failure can be steep
Writing in The National Law Review, Von Briesen attorneys Stacy Gerber Ward and Madeline Schmid reported that penalties for violations of the Health Insurance Portability and Accountability Act (HIPAA) are getting stiffer. Providers may be trying to comply by implementing HIPAA policies and procedures, but, they say, the enforcement trends suggest the growing importance of rigorous audits and enforcement of those policies.
The pair noted the following breaches resulting in consequences of significance:
Vigilance matters in compliance
According to Gerber Ward and Schmid, one of the hallmarks of an effective compliance program is to regularly engage in risk assessments, follow enforcement trends, and then evaluate whether your organization is at risk. They conclude that while for many years providers have been focused on implementing HIPAA policies and procedures, the enforcement trends suggest that the focus needs to shift to ensuring that those policies and procedures are monitored and enforced to avoid exposure to increased penalties.
Regardless of industry or, in some cases, geography (Healthcare/Financial Services/Insurance – in the US or Canada), no one is immune from oversight and regulatory compliance. Nor is it possible to completely eliminate bad actors. However, a vigilant, well-run compliance system can spot irregularities and give an attentive compliance team a chance to nip exposures before they get out of hand. That’s where Patrina can help. We’ve built our business based on helping organizations keep track of “bad apples,” and stay on the “straight and narrow” efficiently and cost-effectively. So, let’s talk. Call 212-233-1155 to ask about Patrina’s cost-effective, designated third-party services, our comprehensive 8-module compliance solution, and compliant data capture & archiving, and records archiving specifically designed for the healthcare, insurance, and financial services community. Be smart. Be covered. Let’s talk.