Healthcare Security Incidents Need Not Lead to Data Breaches

By: Absolute Editorial Team | 11/10/2014

The HIPAA Security Conference, held in September, revealed some new insights into data breaches in the healthcare sector, chief among them that the majority of data breaches are preventable.

According to the insights shared at the conference by Illiana L. Peters, Senior Adviser for HIPAA Compliance and Enforcement, and captured by JD Supra, the Office of Civil Rights (OCR) investigated 1,176 reports involving breaches of protected health information (PHI) affecting more than 500 individuals between September 2009 and August 31, 2014. During the same period, there were an additional 122,000 reports affecting fewer than 500 individuals.

Theft and loss of devices is the most common cause of data breaches, though IT hacking is on the rise. 60% of the large data breaches could have been prevented by encrypting the covered entities' and business associates' laptops and mobile devices.

The OCR notes that inadequate security by covered entities and business associates is not acceptable. All HIPAA covered entities and their business associates must:

  1. Undertake a careful risk analysis and have appropriate safeguards in place
  2. Be cautious when implementing changes to information
  3. Create and define a culture of complying with HIPAA privacy and security requirements

As further expanded upon by HealthIT Security, OCR will be looking not only at risk analyses but also at how organizations respond to the gaps identified by putting proper safeguards in place. It is clear that OCR audits and breach investigations are looking at how healthcare organizations are proactively identifying and shoring up risks.

The risks, as identified above, often come from the loss and theft of devices. Although loss and theft of devices will continue to happen, healthcare organizations can take basic steps such as encryption to ensure a security incident does not turn into a costly data breach. While this is a great first step, you can do more to ensure patient data is safeguarded and compliance is maintained through solutions such as Absolute Computrace and Absolute Manage.

Healthcare Solutions from Absolute Software

Absolute Computrace for endpoint security allows you to respond if a device is missing or stolen, if data is breached or compromised, or if the status of a device is unknown—safeguarding patient data and allowing you to comply with regulations such as HITECH/HIPAA and other regional, state, and federal regulations.

Absolute Manage for endpoint management allows you to maintain the health of each device in your deployment so you can prevent the spread of viruses, external attacks, forbidden applications, over-installed software, and other conditions that can result in non-compliance. Absolute Manage allows you to monitor the encryption status of devices, set stronger passwords, and help manage your BYOD program.
