Health Data Breaches Increase 97% in 2011

A recently released report shows that 2011 saw a 97% year-over-year increase in data breaches of protected health information (PHI). The report, authored by Redspin, Inc., also showed that 19 million patients’ health records were affected in this increase in breaches. Over the past few years there has been an unprecedented level of data breaches carried out by thieves and other unauthorized individuals who either stole or snooped into patient records.

Redspin’s 2011 PHI Breach Analysis drew on documents from the U.S. Department of Health and Human Services (HHS), looking at HHS files for health-related data breaches between October 2009 and November 2011. The company’s analysis showed that of the 385 breaches during this time period, 39% took place via a laptop computer or some other portable device. Another 25% happened on a desktop PC or a network server. The largest share, 60%, resulted from malicious intent, either to steal records or to view them.

“It makes logical sense that as more protected health information is digitized, it becomes structured data maintained in databases and is easier to access and transfer to a laptop or portable storage device, which then gets lost or stolen,” Redspin’s president and CEO Daniel Berger told InformationWeek Healthcare. “Now you can have one million patient records stolen in one incident as opposed to someone walking out the door with a file folder of 30 patient records.”

In this case, use of a secure flash drive such as LOK-IT would eliminate this liability when using portable storage devices.

The study noted that this rise is due to the adoption of electronic health records and to the healthcare industry’s use of new technologies like tablets and smaller laptops. On top of this increase in mobile device usage, healthcare IT departments haven’t been able to create policies to prevent data breaches.
“The proliferation of portable devices and media within all IT environments that store PHI increase the likelihood of breach geometrically. Few healthcare employees could tell you what corporate IT security policies are in place; it is even rarer to find security awareness training programs,” the report states.

Self-policing may not be enough. States like New York are establishing governing bodies to oversee implementation of best practices for securing PHI. New York state health officials announced the establishment of the Statewide Health Information Network of New York (SHIN-NY) Policy Committee to improve protection of personal health information. In light of recent high-profile data breaches in the health care industry, other states are focusing efforts as well.

“We believe strongly that if security is not made a top priority the health security trust model could fail. We think it’s time for another round of federal regulations to take things a step further and say that all PHI should be encrypted if it’s on portable devices,” Berger said. “The importance of the adoption of electronic health records is so critical to the industry that it’s time for the regulations to be more prescriptive.”
