The approximate annual cost of healthcare data breaches is $6.5 billion, and for organizations that are victims of a data breach, the approximate economic impact is $2.2 million (Perna, 2012, p. 20). Health care organizations (HCOs) should take the following steps to better reduce the risk of a data breach:
1. Invest in educating their staff in order to reduce the improper handling of PHI. HCOs should automate the encryption process as much as they can.
2. Update outdated processes. For example, HIPAA requires 128-bit encryption of PHI, but 128-bit encryption has been known to be cracked by hackers in a matter of hours, so organizations need to update their encryption standard in order to protect their data (Mick, 2010).
3. HCOs must evaluate their entire data security process organization-wide. My department has many of its own policies that are different from the organization's, and for departments like mine, an evaluation of process might yield potential places where data may be compromised.
4. The biggest cause of data breaches at HCOs in 2011 was portable devices that were stolen or lost (Perna, 2012, p. 20). HCOs should adopt virtualization and prevent data from being saved to portable devices. Also, by installing encryption software on USB devices that are issued to employees, the threat of a data breach from lost or stolen devices will be greatly reduced.
5. Investigate and take the proper legal action when entering into contracts with third-party vendors. Data security questions should be a focal point in all RFPs and negotiations with third-party vendors.
6. HCOs need to adopt HIPAA Audit Protocols to be in compliance with HIPAA (Sheldon-Dean, 2012).
HCOs need to take a proactive role when approaching data security, and data breaches should not be underestimated. As more PHI goes digital and hackers invade HCOs, a proactive approach is the best way to prevent data breaches.
Mick, J. (2010, January 10). Researchers crack 3G GSM 128-bit encryption in under 2 hours. Retrieved September 7, 2013, from http://www.dailytech.com/Researchers+Crack+3G+GSM+128bit+Encryption+in+Under+2+Hours/article17417.htm
Perna, G. (2012). Data security 101: Avoiding the list. Health Informatics, 29(9), 18-21.
Sheldon-Dean, J. (2012, October 2). Mitigating the top five HIPAA security issues. Proceedings of the 2012 American Health Information Management Association Convention, USA.
With the proliferation of electronic health records (EHRs) and the digitization of paper medical records, and as federal funding through meaningful use has increased the number of physician practices that have adopted EHRs, the risk of data breaches has increased as well (Perna, 2012, p. 18). In 2011, more than 10.8 million people had their protected health information (PHI) compromised, up from 5.4 million in 2010 (Perna, 2012, p. 18). That brings the three-year total of individuals affected by data breaches to over 19 million (Perna, 2012, p. 20). These are staggering numbers, and the risk of data breaches needs to be addressed. Some of the biggest causes of PHI loss, in no particular order, are:
1. Inadequate encryption education of the medical workforce (Perna, 2012, p. 20; Sheldon-Dean, 2012).
2. Manual and outdated processes are still in use (Perna, 2012, p. 18).
3. Standards and best practices are incoherent or overlapping (Sheldon-Dean, 2012).
4. Weak security of portable devices and remote-user access allows PHI to be stored remotely and later lost or stolen (Sheldon-Dean, 2012; Perna, 2012, p. 20).
5. Breach of PHI by third-party vendor (Perna, 2012, p. 20).
6. Compliance information that is incomplete (Sheldon-Dean, 2012).
7. Unintentional employee breach (Perna, 2012, p. 20).
8. Data breach caused by unintentional system error (Perna, 2012, p. 20).
9. Theft of data by criminal attack (Perna, 2012, p. 20).
This work is licensed under a Creative Commons Attribution-NonCommercial- ShareAlike 3.0 United States License.
Christopher M. Bell