While approaches to patient data protection have evolved over the past several years, the aggressive transition to electronic health records (EHR) and the consumerization of IT have resulted in greater digital threats to patient privacy, according to Asigra.
According to a 2012 Healthcare Information and Management Systems Society (HIMSS) Analytics report titled “Security of Patient Data,” “Data breaches not only risk revealing patient health information, they also open up those whose information is compromised to identity theft, fraud and other violations. While hospitals are stepping up to regularly audit their monitoring and response procedures, reports of data breaches are on the rise.”
Among the 207 data breaches that affected more than 500 healthcare organizations over the past 12 months, 27% reported a security breach compared with 19% in 2010 and 13% in 2008. 69% of the organizations that experienced a breach in the last year reported experiencing more than one breach. When asked about the factors contributing to healthcare industry data breaches, 31% cited the use of mobile devices to store health information and 28% cited the sharing of health information with third parties.
The financial impact of a PHI breach is now a significant issue for healthcare organizations as a result of the Red Flags Rule and The American Recovery and Reinvestment Act of 2009’s Health Information Technology for Economic and Clinical Health Act’s (ARRA HITECH) Breach Reporting requirement.
While the costs of responding to a data loss event can be exceedingly high, healthcare leaders are now confronted with laws in some states that require remuneration of one thousand dollars per patient, per breach. This has resulted in a significant number of class-action lawsuits where the possible liability may surpass U.S. $4 billion.
“End-to-end encryption and secure management of backup data, especially involving laptops and other wireless devices, should be a priority for organizations as threats to sensitive information continue to grow,” said Jason Buffington, Senior Analyst, Enterprise Strategy Group. “Healthcare professionals in particular must ensure the confidentiality and integrity of patient information by incorporating a comprehensive approach to backup data security into their overall risk reduction strategies. FIPS 140-2 certification by NIST demonstrates Asigra’s commitment to providing these organizations with high levels of protection against a breach.”