Healthcare Industry: Are your records at risk?

In the second largest health information privacy settlement to date, the Alaska Department of Health and Social Services – the state’s Medicaid agency – recently agreed to pay $1.7 million to the U.S. Department of Health and Human Services (HHS) over possible violations of the HIPAA Security Rule.

It’s been almost three years since healthcare organizations (covered entities) and their business associates had to comply with the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification Rule. As of the end of 2011, more than 400 data breaches were reported on the Department of Health and Human Services website. These incidents compromised the protected health information (PHI) of 19,134,403 individuals.

The number of reported breaches decreased from 2010 to 2011, which is an encouraging sign that could mean organizations have improved their security controls or procedures for investigating breaches of unsecured patient information. Covered entities and business associates seem to have a better understanding of where PHI resides, and many have implemented safeguards to protect it, including removing PHI from laptops or encrypting the information.

Despite the improvements, healthcare organizations still have a long way to go before patients’ information is fully protected. Although there were fewer incidents, the number of individuals affected by healthcare data breaches nearly doubled from 2010 to 2011.

Our new white paper reviews and analyzes all healthcare data breaches posted on the HHS website in 2010 and 2011. This document can be used as a guide to help identify potential problem areas and learn how to prevent future breaches. Download our white paper to learn more: “HITECH Act Three Years Later – Are Health Records Safe?”

Jorge Rey, CISA, CISM, is a Cybersecurity & Compliance Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.
