2014 has been a big year for data breaches in the healthcare industry. From malicious insiders to accidental loss of devices containing patient information, the headlines for these data breaches were non-stop throughout this year. Healthcare data breaches can affect organizations even longer after the security issue was discovered. Not only financially, but the trust of patients who have had their protected health information (PHI) stolen and used in some other unauthorized way, will cause the organization to work hard to prove themselves again.
According to the Department of Health and Human Services (HHS), after a healthcare data breach has been discovered, covered entities must provide individual notification to those who might be affected no later than 60 days. But what happens after those 60 days? It would be somewhat of a relief if after the data breach it ends there, no more issues to deal with. However, depending on the type of breach and number of patients affected, even the type of technology at the organization, it could take years for an organization to regain their place as they were before the data breach.
The theft or loss of a device such as, laptops, tablets and mobile phones is a leading cause of PHI being at risk. This is definitely the reason of why file encryption is so important as not only does it keep unauthorized individuals out of the devices, it protects the data itself. Another kind of insider threat is human error, which often leads to healthcare security issues. Whether it is sent through paper mail or electronic mail, regardless, the data itself still must be protected.
These kinds of breaches can cause legal ramifications, and in this case can take a long time and financial burden to resolve. Some lawsuits filed by patients can be months after the breach but some can be even two years after patients’ PHI was exposed.
With all this being said these breaches never just end it will definitely be months, but can be a couple of years for things to settle down, but it is gaining back the trust of current, former and even future patients that will take the longest time as the organizations name and reputation has already been damaged by the breach.
As a healthcare organization, it is paramount to think about what the best data-centric solution you can have to avoid these cases. Digital rights management provide you with the ability to set specific permissions to files containing this kind of PHI data as well being able to revoke access if the device has been lost or stolen is a time stopper for how long these data breaches will cause a lingering effect for these organizations.
Photo Credit: Daniel Borman
