Home Risk Management HIPAA Breaches: It's Your Fault, Not Theirs

HIPAA Breaches: It's Your Fault, Not Theirs

Katie Leander Feb 13, 2013

Laptop computer We have written a lot about data breaches and HIPAA violations on this blog. Let’s see what the latest data tells us and what can we learn from it. Healthcare IT News recently wrote about 2012’s largest HIPAA breaches.

In essence, the top 10 breaches present us with two overwhelming lessons:

1. Seriously consider whether you and your practice should be using laptops to store patient data and whether or not they should be allowed to leave the office. Four of the top 10 HIPAA violations involved laptops being stolen and another case involved backup data disks being misplaced (so we’ll include it here). So, while these data breaches are technically conducted by outside crooks, physicians and employees need to take responsibility for unattended laptops (and disks) and their lack of proper encryption.

2. Make sure that your electronic medical data and electronic medical records have the appropriate levels of security –to not only guarantee that you don’t get hacked by outsiders, but to also protect you from your own employees or affiliated employees having access to data who should not have access. Four of the top 10 HIPAA data breaches involved employees or affiliated employees improperly accessing patient records and data.

So, nine of the top 10 data breaches of 2012 were the result of inappropriate precautions taken by an employee or physician. Surprising, huh? And, only one of the top 10 data breach cases involved an outsider hacking into a server from the outside –which is probably what most people think of when they think of a data breach. Thus, health care employees need to re-frame their idea of HIPAA breaches. They should assume that they will happen and that they may be responsible to some degree. As a result, employees should take the proper precautions now –so, even if your practice is a victim in the future, you won’t look like a willing victim.

In summary, every organization should:
1. Re-evaluate their laptop policy.
2. Re-evaluate the security and encryption on their laptops and other computer systems.
3. Ensure that only appropriate and necessary individuals have access to patient information.

You may also like

Legislative panel approves medical malpractice bill
Read more
Urgent-care centers: Illinois numbers grow as time-pressed families seek low-cost option to ERs
Read more
Global Center for Medical Innovation launches
Read more

Recent Posts

Washington Supreme Court Overturns Medical Liability Statute of Repose

U.S. District Court Sets Aside Record Noneconomic Damage Award

Curi Holdings, Constellation Complete Merger to Offer Scale the Modern Healthcare Delivery System Requires

Popular Posts

PIAA 2017: Current Trends & Future Concerns

2022 Medical Malpractice Insurance Rates: What the data tells us

Global Center for Medical Innovation launches

Start Your Custom Quote Process™

Request a free quote