Health IT Pulse

Sep 7 2011   11:20AM GMT

Endured a data breach? You’re not alone

cbyertechtarget

Tags:
health care data breach
PHI

Whether personal health information (PHI) is extracted, hacked or viewed by an unauthorized user, it constitutes a health care security data breach. These data breaches, which are a chief concern among a variety of health care professionals, must be kept under control. That, however, has not been the case, according to an August 2011 survey by Veriphyr.

The online survey asked respondents about perceptions of privacy and compliance; monitoring tools for unauthorized access to PHI; and the types of breaches sustained in the past year and how long they took to resolve, among other topics. It led to a plethora of telling results.

Approximately 71% of respondents noted that they suffered a breach of PHI in the last year, a result that is not a revelation for Alan Norquist, CEO of Veriphyr, a vendor of security products used to detect enterprise user access. “Given that data breaches of patient information cost healthcare organizations nearly $6 billion annually, we were not very surprised to discover that more than 70 percent of the organizations surveyed were victimized last year,” he said.

The type of data breach varied as well; two or more types of breaches were prevalent, at 38%. The most common breach was “snooping into medical records of fellow employees” at 35%. Next came “snooping into records of friends and relatives” at 35%, followed by “loss/theft of physical records” and “loss/theft of equipment holding PHI,” at 25% and 20%, respectively.

Many breaches were discovered in one to three days (30%), while others took two to four weeks (17%). Some 12% of respondents said that the breach was discovered within one week. And while discovering the breach is crucial, resolving the breach is equally important: 25% of respondents resolved the breach in two to four weeks, 18% in one week and, lastly, 16% in one to three days.

Although 80% of respondents were pleased with their organization’s senior management on compliance and security measures, there is much concern over mitigating PHI breaches via monitoring tools. Of those, 79% said they were “somewhat concerned” or “very concerned” that their existing controls do not enable timely detection of breaches of PHI. Additionally, 52% stated they did not have adequate tools for monitoring inappropriate access to PHI. Improving the ability to monitor access to PHI is a worthwhile investment, according to the 47% of respondents who plan to increase PHI detection in the next year for security protection.

Whether the result of an accident or willful neglect, data breaches can result in steep fines. Since the inception of the HITECH Act, patients must be notified if a data breach occurred, and the notification must include particulars such as when it occurred, how it is being resolved, which PHI was accessed and procedures to protect against any further disclosures.

11  Comments on this Post

 
  • SearchHealthIT
    Endured a #healthcare #databreach? FWIW, you are not alone http://t.co/17vB6B5 #datasecurity #HIPAA
  • SCHIMA
    Endured a #PHI data breach? You and 71% of your peers are not alone http://t.co/AumlLzQ #HealthIT #HITsm #HIPAA #EHR
  • HIPAASecureNow
    RT @hitexchange: Endured a #PHI data breach? You and 71% of your peers are not alone http://t.co/aVK92IA #HealthIT #HITsm #HIPAA #EHR
  • Jenny Laurello
    Endured a #PHI data breach? You and 71% of your peers are not alone http://t.co/AumlLzQ #HealthIT #HITsm #HIPAA #EHR
  • MedQuest
    Endured a #PHI data breach? You and 71% of your peers are not alone http://t.co/AumlLzQ #HealthIT #HITsm #HIPAA #EHR
  • Jenny Laurello
    Endured a #PHI #databreach? So have 71% of your peers http://t.co/cjqnoNou #HealthIT #HITsm #HIPAA #EHR
  • Fortrex
    Endured a #PHI #databreach? So have 71% of your peers http://t.co/cjqnoNou #HealthIT #HITsm #HIPAA #EHR
  • Stillerman Law Firm
    Endured a data breach? You’re not alone http://t.co/sDSDox2J #healthlaw #phi
  • MedQuest
    Endured a #PHI #databreach? So have 71% of your peers http://t.co/5UPsiMiF #HealthIT #HITsm #HIPAA #EHR // via @HITExchange
  • Data Breach News | Securing Reality™
    [...] SALT LAKE CITY — It’s simply crazy how frequently “data breach” is showing up on Google News’s left hand column of trending topics lately. It seems — at least, empirically — that nine times out of 10 when you click on “data breach” to find out what is the latest story getting major traction, it’s a health care data breach. [...]
  • OIG: CMS fails to meet medical data breach reporting standards - Health IT Pulse
    [...] than 70% of health care professionals responded that their organizations suffered a data breach during a yearlong period, according to a [...]
