December 6, 2011
A couple of weeks ago, the Department of Health and Human Services’ Office for Civil Rights launched the HIPAA compliance audit program (see Just When You Thought HIPAA Didn’t Matter all members) – causing managers of provider organizations to rethink their policies on data privacy and security and the consequences that come with security breaches.
What are the causes of those HIPAA privacy and security breaches? If you’re thinking hardware or access software programs or data storage services, you’ve got half the equation. In 2008 there were 360 electric data breaches, which affected seven million electronic health records (see In 2008, Seven Million Individuals’ Electronic Health Information Released in Data Breaches ). These security issues included 4.3 million due to electronic data loss during transmissions, 2.2 million due to subcontractors security issues, 335,805 due to accidental exposure, 94,809 due to insider theft and 12,000 breaches due to hacking. The second half of the equation, are the people using your technology. As my IT friends like to tell me frequently, “it’s a user error, not a system error.”
And, the number of privacy and security breaches are on the rise – and increasingly costly. According to a recent report in CIO Insight (see Health Care Data Breaches Up by 32 Percent), health care data breaches costs organizations $6.5 billion annually. And, as we move to broader use of electronic health recordkeeping systems, the number of breaches, the number of health care records affected by breaches, and the cost to both provider and payer organizations will continue to rise.
What is a manager to do? Good policies and procedures are a start. Design systems that assume that people will make mistakes. Test, test, and test again so that you can demonstrate that your system is compliant and auditable.
For a more in-depth look at these measures check out 10 Tips For Avoiding Privacy Breaches—And Penalties all members and Ten Tactics to Avoid Penalties for Health Information Privacy & Security Breaches . And, if you have questions about how best to prepare your system and your team to prevent future privacy breaches, send your questions to the OPEN MINDS team at email@example.com.
Monica E. Oss
Chief Executive Officer, OPEN MINDS
For another free resource, see: Is Health Information Technology Deregulating Patient Privacy? all members
This is free for the next sixty days to all registered OPEN MINDS Circle members.