- Healthcare organizations accounted for 42% of reported data breaches in 2014 (Identity Theft Resource Center - Data Breach Reports 2014).
- Data breaches are expected to increase in 2015, with cybercriminals increasingly targeting healthcare practices (Experian 2015 Data Breach Industry Forecast).
- Humans are the weakest link in the security chain. Employees are the leading cause of data breaches, with 59% of security incidents in 2014 attributed to people-based breaches such as lost devices, misdirected emails and phishing.
- Theft or loss of laptops, USB memory sticks and other mobile devices containing ePHI is the most common cause of data breaches. Note that a lost device whose ePHI is encrypted in line with HHS guidance is not treated as a reportable breach under the HIPAA Breach Notification Rule, while an unencrypted one is.
- The cost of a data breach is around $300 per record for a healthcare organization. This includes HIPAA fines, legal fees, remediation costs, loss of revenue, etc. For a dental practice with 2,000 patients that is roughly $600K, a substantial sum.
- Medical identity theft jumped 22 percent in 2014 from previous year and affected more than 500,000 people (Ponemon Institute - Fifth Annual Study on Medical Identity Theft).
- The average cost to victims was $13,500 in legal and other expenses to resolve these fraud cases.
- 48% of survey respondents indicated that they would consider changing their healthcare provider if their records were breached.
How prepared is your organization to safeguard your confidential patient data?
Protecting patient data and preventing data breaches at your healthcare / dental practice is an ongoing process. It takes a combination of technology, policies, process and training. Following these security best practices can help prevent or minimize loss of patient data and also bring your organization into compliance with the HIPAA Security Rule:
- Conduct a risk analysis to identify and mitigate risks to your ePHI (electronic protected health information). The risk analysis is a required implementation specification of the Security Rule and should be repeated whenever systems or workflows change.
- Encrypt ePHI stored on servers, desktops, laptops, tablets and smartphones (full-disk encryption on every portable device, so that a lost or stolen device does not become a reportable breach).
- Use secure end-to-end encryption to email ePHI.
- Use secure messaging services to send ePHI and do not use regular SMS texting, which is insecure.
- Proactively monitor and manage computer systems / network for viruses, malware and other intrusions.
- Implement appropriate data backup and disaster recovery solutions so that ePHI can be restored in the event of disruptive situations such as natural disasters, server failures or ransomware; test restores regularly, not just backups.
- Implement security policies and procedures that employees must follow to safeguard ePHI.
- Conduct regular HIPAA security training for employees to increase awareness of data security and compliance, and an appreciation of the disastrous consequences of a data breach.