If you're a medical practitioner, dentist, orthodontist, or a company that handles patient records or healthcare data, then read on.
Assured Tech Services regularly serves businesses with highly sensitive patient data. For instance, details about medical conditions, medicines, financial information, insurance records, and so on.
That’s why it’s vital organizations protect their patient records from being hacked, stolen, or improperly disposed of.
Healthcare Data Statistics
The HSS is helpfully transparent about which organizations have had their data breached and why. Some of the figures can make for startling reading.
It’s important to note that smaller breaches aren't accounted for. Why? Well, breaches fewer than 500 records aren't taken into consideration. A quick-fire glance at recent years will tell us that:
In 2017, the number of patient records that were breached was way lower than in 2016, according to that year’s Breach Barometer Report.
Breaches fell by 79.6% compared to 2016. However, that’s still 5 million records, although it’s a lot lower than in 2016 when 27 million records were breached and in 2015 when there were 100 million records impacted.
In 2018, an average of 29.5 healthcare data breaches was reported to the HHS’s Office for Civil Rights. That’s more than one a day. In fact, 2018, was a lousy year for breaches, with more than 13 million patient records compromised!
This year isn’t looking too bright either. This year alone, there have already been more than 2000 organizations that have reported breaches. As of 31 August 2019, the HSS received 216,195 complaints concerning healthcare data breaches.
This year, in April, there were more healthcare data breaches than any other month to date.
Not only is that concerning, but a clear indicator that organizations need to be taking more precautions than ever before to protect their patients’ sensitive information.
What Happens if You Suffer a Healthcare Data Breach?
If your institution suffers a healthcare data breach, unfortunately, your organization will be listed on the HHS “Wall of Shame” (permanently).
Anyone from the public can see when the offense was, what it was, how it happened. They can also access how many people/patient records were affected.
Not only that, organizations are fined or penalized, or as the HHS puts it, they reach “resolution agreements.”
Some of the settlement figures for more substantial data breaches make for worrying reading for any organization concerned with keeping its IT security watertight.
Fines typically start at $100 but can escalate more than $50,000 if it’s shown that you wilfully neglected to protect your healthcare data.
One healthcare organization was fined $2.15 million in October 2019 for HIPAA violations, and a small dental practice had to pay out $10,000 for disclosing patient information by social media.
You want your patients and your partners to trust your organization, and for them to do that, you must demonstrate your organization’s healthcare data hasn’t been, and won’t be compromised.
Protecting Your Healthcare Data
For all the above reasons, any organization that handles healthcare data is going to want to preserve their records. To do this, your organization needs to be HIPPA compliant. This includes completing six annual assessments or audits that cover:
Physical site audit
Security standards audit
HITECH subtitle D audit
Asset and device audit
Privacy assessment
Security risk assessment
Once such reviews have taken place, you’ll need to show paperwork that proves they’ve been carried out, and keep records for six years.
If any deficiencies are found, you need to remedy them, show how you have done so in writing, and keep those records for six years.
You also need to review how you’ve remedied any breaches to ensure that nothing slips through the net in the future.
Your staff will need to have security awareness training and be HIPAA trained, including having a member of your team who is a designated HIPAA Compliance, Privacy, and/or Security Officer.
That’s just for starters. There’s a long checklist that all organizations handling healthcare data need to comply with to be HIPAA compliant.
That’s why it’s wise to bring in independent and fully HIPAA savvy experts to walk your organization through the entire process. This is the safest way to protect both yourself and your patient's data.
Do You Need Help Protecting Your Healthcare Data?
That’s a lot to think about. It’s an excellent reason to seek outside expertise for that extra reassurance that’s so important for anyone handling healthcare data. That’s where Assured Tech Services steps in.
Let us take the worry out of keeping within HIPAA regulations. You can call us at 248-243-7160 or email us today to find out how we can help you protect your healthcare data and avoid needless breaches and fines.