Data breaches are becoming more common in the healthcare industry. According to a recent report published by the cybersecurity and application testing firm Redspin, Inc., 9 million Protected Health Information (PHI) records were compromised in 2014, up 25% from the year prior.
The report also found that more than 40 million Americans suffered a data breach during the period of 2009-2014. What's really shocking, however, is that the report did not reflect Anthem's data breach, in which some 80 million patient records were believed to be compromised. As noted by Redspin's President and Chief Executive Officer (CEO) Daniel Berger, PHI breaches are going to have to be reported as either pre- or post-Anthem, due to the massive size of Anthem's breach.
“In 2014 alone, 164 incidents of breaches of PHI were reported to the HHS Office of Civil Rights (OCR), impacting nearly 9 million patient records. This was a 25% increase over 2013. More than 50% of the 2014 totals were caused by hacking attacks, including a 4.5 million patient record breach at Community Health Systems (CHS) in Franklin, Tennessee,” wrote Redspin in a press release.
So, what's causing this disturbing spike in data breaches? The report found that just over half of all PHI breaches were attributed to hacking, whereas 30% were caused by unauthorized disclosure and/or access. Far too many doctors, physicians and other covered entities turn a blind eye to cybersecurity, placing their patients' PHI files at risk. Under the federal Health Insurance Portability and Accountability Act (HIPAA), however, covered entities are responsible for implementing measures to protect PHI.
Another interesting point taken from the recent Redspin report is that five of the largest data breaches accounted for 85.4% of all disclosures. In other words, breaches affecting large companies typically have the greatest impact. Of course, this should come as no surprise given the massive impact of the Anthem breach.
Whether you are a small independent physician or a surgeon at a large hospital, you should familiarize yourself with the HIPAA Rules. Ignorance is no excuse for lack of compliance, and the Department of Health and Human Services (HHS) is cracking down on violations left and right. Just ask yourself: can you really afford to be fined for a HIPAA violation? Stay compliant and be prepared in the event of an audit.