Friday, February 25, 2011

Report details health care reform theft

As the nation moves toward growing use of electronic medical records,
data vulnerability becomes increasingly evident.

A new report released on Wednesday by Kaufman, Rossin & Co. showed
4.9 million patients had their personal health information compromised
as a result of 166 data breaches that occurred during the first year
of the Health Information Technology for Economic and Clinical Health
(HITECH) Act.

The act was signed into law in February 2009 to promote the adoption
and meaningful use of health information technology. It also provides
for more stringent fines for privacy breaches.

Of the breaches in the study, laptops were the greatest source, being
involved in 43 cases and affecting more than 1.5 million individuals.
All of the breaches occurred between Sept. 21, 2009, and Sept. 21, 2010,
the first year when breach incidents were publicly reported to the
Secretary of the Department of Health and Human Services.

“There are so many various ways for data to be breached in this day
and age and many businesses are not properly prepared or are
completely unaware of just how vulnerable this information is,” said
Jorge Rey, the study’s co-author and director of information security
and compliance with Kaufman, Rossin. “The HITECH Act is changing the
way PHI must be protected and those companies that are not serious
about protecting their patients’ information find themselves facing
serious reputation, legal and financial repercussions.”

Among other findings:

Theft was the primary cause of a data breach, occurring 58 percent of
the time; loss and other were tied in second at 14 percent.

20 percent of the breaches occurred at business associates.

Theft affected the highest number of individuals: 3.12 million.

32 percent of breaches were reported within the first three months.

The report notes that data breaches come in various forms, from
hacking to medical information that is mailed to the wrong address,
though the latter is responsible for a very small amount of the
breaches.

The report cites some examples of theft such as:

An impostor posing as a representative of a legitimate vendor stole
several barrels of purged x-ray films, which contained the health care
information of approximately 1,300 patients.

A laptop computer that contained the health care information of 943
patients was stolen from a hospital employee’s vehicle.

A binder with printed protected health information was stolen from an
employee’s vehicle and contained the information of up to 1,272
patients.

The report goes on to recommend that health care organizations review
their security policies, encrypt new and existing laptops and perform
detailed annual risk assessments, among other things.
