HIPAA Data Breaches on the Rise
A data breach occurs when secure information is intentionally or unintentionally released into an untrusted environment. In the healthcare space, data breaches are especially problematic. The amount of sensitive information we entrust to hospitals, clinics, labs, payers and providers is staggering. HIPAA data breaches, in particular, are rising.
In our research for the infographic, HIPAA Breaches 2009-2015, we reviewed data from the Office of Civil Rights. They maintain a huge portal available for public consumption. Viewers can sort through the data by date, type of breach, location of breach, and more. Anyone can also export this data to review more thoroughly.
The numbers are startling. At the time of publication, there were over 1286 reported incidents affecting 153 million individuals. The largest breach was earlier this year from Anthem Insurance, reporting over 78 million records being breached. According to the Guide to the De-identification of Personal Health Information, the costs incurred for a breach – including notification, legal fines, legal fees, forensics, PR and more – are approximately $208 per person. The average data breach was over 100 thousand records and cost $24 million. We learned that the highest numbers of individual records breached were in Indiana, California and Washington State.
When we look at the types of breaches, an uncomfortable picture emerges. Theft is the number one type of breach, followed by unauthorized access or disclosure. Hacking, loss, improper disposal and “other” round out the list.
In order to protect PHI, especially in the event of a breach, the protections placed on data must be rigorous. As organizations start to share PHI more frequently, there should be stronger controls in place to ensure that if there are data leaks, individuals will not be re-identified. Risk-based de-identification offers much greater protection for organizations and individuals because it measures the amount of risk contained in the data. Releasing data without measuring the risk it contains ultimately increases the chances that the number of HIPAA breaches will rise.