The Healthcare Information and Management Systems Society
("HIMSS") recently released its "Analytics Report:
Security of Patient Data," the third installment of the report
in the last six years. Despite increased confidence in
security safeguards, healthcare providers reported more breaches
than in past years. In 2008, only 13% of respondents reported
a security breach. In 2012, that number jumped to 27%.
Of those, 69% had multiple breaches in a single year.

Why the increased confidence if breaches are actually on the
rise? It could be that almost all healthcare providers are
now conducting an annual formal risk analysis. According to
the 2012 Analytics Report, 96% did so. This analysis may provide
a false sense of security if the analysis is completed, but the
vulnerabilities identified are not properly investigated or

Another reason may be that many healthcare companies focus on
data breaches from an IT perspective when human resources and
employee policies are just as important. For example,
although loss of mobile devices remains a greater risk than in the
past, human error is still considered the greatest risk.
Unauthorized access by employees constituted 56% of breaches last
year. Failure of employees to follow policies also creates an
increased risk. Indeed, given the steady rise in outsourcing
and third party breaches, it is just as important that a third
party business associate utilize adequate background checks and
ongoing training for employees as the healthcare provider

Last, according to Kroll Advisory Solutions, which commissioned
the HIMSS Report, "providers continue to prioritize compliance
over security" given that compliance is the focus of HIPAA and
the HITECH Act. Even if healthcare providers meet the
statutory compliance standards, a security breach can happen and
its results can be devastating. At best, a data breach can
cause a serious business interruption. Or worse, a provider
can face governmental investigations, lawsuits and media attention
that can negatively impact branding and patient trust.

At the very least, the HIMSS Report reflects the need for
healthcare providers to consider all aspects of security breach
risks and prepare a readiness plan should a breach occur.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.