A recent article in Forbes addresses the massive healthcare data breaches of 2015, in which over 112 million records were lost, stolen or inappropriately accessed. The Office of Civil Rights (OCR) under the Department of Health and Human Services publishes these data breaches as they are reported to it, as required by HIPAA. The numbers are a bit staggering. The top ten data breaches accounted for the majority of the violations, and most of the headlines focused on hackers.
While hackers breaking into systems make the headlines, a large number of data breaches also result from negligence, lost or stolen devices and basic human error. A data breach study from 2015 estimates that breaches cost the healthcare industry about $5.6 billion annually. While companies like Anthem may have insurance against this type of loss, you can bet those premiums are passed along to consumers through rising healthcare insurance costs and other increases.
As healthcare moves toward connected care, the amount of data exchanged between organizations will only grow. So what does this mean? It means that in 2016, we’re going to see a huge movement towards encryption in hospitals and other healthcare facilities in order to protect EHRs and other vulnerable PHI.
According to a 2014 Healthcare Breach Report, 68 percent of all healthcare data breaches since 2010 are due to device theft or loss. The headlines make it appear that hackers are attacking databases, but the reality is that most of the problems come from unstructured content inside documents – and those documents are not encrypted. Encrypting data is vital to protecting patient information. Recent privacy and security laws, like those from New Jersey, are mandating that insurance carriers must encrypt personal information. This will logically include anyone who deals with the carriers and handles PHI.
Can we expect more of the same in 2016 or will healthcare providers and anyone dealing with PHI begin to see the light? Legislation is getting tougher and consumer outcry may help turn the tide. As credit card data becomes less valuable, PHI becomes more valuable. Anthem may have insurance that covers their losses, but once your healthcare records are compromised, it’s difficult to stop the bad guys from causing you financial and legal pain.