IT | Security

Is the Healthcare Industry Learning from Breaches?

By: Absolute Editorial Team | 1/15/2014

According to the US Department of Health & Human Services (HHS) Office for Civil Rights (OCR), there were over 100 HIPAA privacy breaches affecting 500 or more individuals in 2013.

When the numbers were crunched two months prior to the end of 2013, there had been 730 data breach incidents recorded by the OCR between 2009 and 2013. As of January 8, 2014, that number is now 773. More than 24 million health records have been breached, according to these figures. Graphing the information proves useful, showing that there have been improvements in the number of large breaches.

During the 2009-2013 time period, theft has remained the greatest type of breach of health information, with thefts from hospitals as well as laptops stolen from offices and cars. Despite the prominent hacks that have been hitting other industries (particularly with the rise in hacktivism), hacking does not figure prominently in the healthcare industry.

As our earlier post demonstrates, the healthcare industry is changing with the advent of changes such as cloud computing, eHealth and mHealth. Given the HIPAA omnibus final rule that came out in 2013, compliance is a top US concern for 2014, as organizations struggle to address privacy, security and breach risks and balance the challenges of more audits and inevitably (for some) more incidents, investigations and fines.

Absolute Software is currently offering a complimentary report from Gartner that examines the impact of the new HIPAA regulations and enforcement. "Gartner Report: As HIPAA Regulations Get Teeth, Healthcare Feels the Bite" includes insight on:

  • How to implement a risk management program
  • How to evaluate specific compliance activities based on advice from legal counsel
  • The need to revisit security planning to ensure existing protocols are appropriate based on your HIPAA risk assessment

To learn more, download the report here.