Healthcare Data Breaches: what is the magnitude of the problem?

Many of us who track the healthcare compliance space, especially after the HITECH Act and its corresponding emphasis on electronic health records (EHRs), have suspected that the potential for persistent breaches of PHI on the part of covered entities and business associates was significant. This is especially true because the HIPAA Security Rule, which pertains only to electronic PHI (ePHI), had largely been ignored by the healthcare industry (i.e., because EHRs had not been widely adopted).

Let's consider some facts based on breach metrics that are widely available. In an article by the following HHS metrics are highlighted: As of August 17, 2011, there have been almost 11.6 million individuals impacted by 300 breaches affecting a minimum of 500 individuals per breach. Approximately 3 out of 4 of these breaches involve electronic media, the rest involve hard copy such as paper or film, and about 18% involve a business associate of a covered entity. In addition, HDM Breaking News on August 3, 2011, reported that OCR has acknowledged that from the inception of public disclosure in September 2009 through mid-May 2011, there have been 31,000 breaches affecting fewer than 500 individuals per breach, which only have to be reported to HHS annually.

Obviously, these are just the PHI data breaches that have been reported. For a number of reasons it is safe to assume that the number of unreported data breaches could be significantly higher. In short, HHS/OCR are clearly aware that they are sitting on a "ticking time bomb" because as EHRs become ubiquitous so will instances of PHI data breaches unless something is done to curb the tsunami. That something is aggressive HITECH / HIPAA compliance enforcement, coming soon to a theatre near you. Why? Because in the 21st century world of EHRs, HIPAA as a paper tiger is no longer tenable. HIPAA, after its fifteenth birthday, is finally coming of age.