What follows is a nice, yet concise, infographic developed by Clearwater Compliance, an organization that helps health systems ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI). It provides an overview of the current state of healthcare breaches.
Clearwater Compliance states that according to the Breach Level Index, there were 336 healthcare data breaches reported in the U.S. last year; “the Office for Civil Rights portal on the HHS website cited 165 breaches affecting 500 or more individuals in 2014.”
Interestingly, the organization points out that non-digital breaches remain an issue. “Paper data breaches accounted for 9 percent of compromised records in the first half of 2014 – and a surprising 31 percent in the second half. In total, nearly 200,000 paper records were compromised last year, along with nearly 60,000 pieces of individually identifiable health information ranging from lab specimens to radiology film,” wrote the Clearwater Compliance team.
Additionally, insider mistakes and malice can be costly. In the breaches examined, there were 45 incidents involving insider actions that resulted in the compromise of more than 478,000 records. “That means that about half of all the incidents we studied involved either mistakes or malice by an organization’s own employees and business associates.”
Clearwater Compliance makes the case that, despite an organization’s best efforts, “it’s almost impossible to eliminate all workforce-related data breaches. But organizations can take steps to foster an atmosphere of compliance and prevention.”
Lindy Benton, CEO of MEA|NEA, recently wrote in a piece for MultiBriefs: “According to the Wall Street Journal, Forrester Research recently conducted a survey of more than 2,100 healthcare IT pros and found that only about 60 percent of them said they encrypt devices like laptops, smartphones or tablets. Also according to the research, 39 percent of healthcare security incidents since 2005 have included a lost or stolen device.
“For some additional perspective, since federal reporting requirements started, the U.S. Department of Health and Human Services has tracked major breaches (those affecting 500 people or more) and has identified more than 945 incidents affecting patients’ personal information, affecting more than 30 million people.
“A majority of these breaches are tied to theft (17.4 million people), followed by data loss (7.2 million people), hacking (3.6 million) and unauthorized access of accounts (1.9 million people), according to The Washington Post. And these numbers do not even include the Community Health Systems numbers.