If your mobile devices aren't protected by AES encryption, not just passwords, the practice is out of compliance with HIPAA Security Safeguards and its very existence is threatened. 2015 also saw a number of practices and business associate firms close completely in the wake of a breach. For one San Antonio home healthcare firm, already defunct for three years, inappropriate disposal of patient records caused the Texas Attorney General to file suit last November. The former owners are going to face a tough and expensive court battle, win or lose.

The bottom-line lesson for healthcare providers from 2015?

Privacy pays, for the Provider, the Practice as well as the Patient!

HIPAA Breaches 2015: What We Can Learn From A Record Year

Now, let's take a look at the number of incidents, rather than victims. While health plans caused the greatest number of patient-victims, the local doctor, dentist, specialist or clinic is the most likely HIPAA-covered victim. Providers were the site of nearly three out of four breach incidents.

And your concerns are a lot different from those of Premera, Blue Cross or Excellus. Let's review how you are most likely to suffer a breach of records, based on HHS year-end statistics: what kinds of breaches were most prevalent at providers?

Cyber Risk Associates

(Yes, we all feel like this after a breach letter!)

Nearly TEN TIMES as many protected health records were exposed in 2015 as in prior years.  A stunning 113-MILLION victims were created.  What lessons can we tease out of the remarkable totals?  

This is where it gets most interesting: Five out of six incidents were wholly preventable with proper policy practices in place. Not IT, not hacking, but losing equipment that hasn't been encrypted is the real culprit in a provider's practice.

The annual doubling of breach violations that started the decade took a steroidal leap, due primarily to three IT hacking incidents last year against the largest health plans. These occurrences alone resulted in one-in-three Americans receiving breach notification letters. With more than 100 million victims created by IT incursions, the public is right to be alarmed at the threat presented by hackers.

BUT for the healthcare provider, that's a bit misleading.