The Health Information Technology for Economic and Clinical Health (HITECH) Act became effective in February of 2009. According to new data, looking at dates between September 2009 - 2010, 4.9 million patients had their protected health information (PHI) compromised as a result of 166 data breaches.
Though the HITECH act was put in place to encourage the use of EHRs, it also strengthened privacy requirements mandated by HIPAA. Despite this act, perhaps patients are not being too wary in fearing the safety of their health records.
Of the 166 breaches in the study, laptops were the primary source of breaches. 43 breaches were the result of laptop loss - breaches which affected more than 1.5 million individuals.
Other findings include:
In addition to reviewing annual risk assessments, healthcare organizations should keep their security policies up to date, protect laptops with encryption and other 'vaccinations', and complete regular HIPAA checklist reviews.