Data Breach Analysis 2009-2012 – HITECH Experience Reviewed by HITRUST

December 9, 2012

In the first three years that the HITECH data breach notification rules have been in effect (September 2009 – September 2012), almost 500 breaches affecting more than 500 individuals have been reported.  As of this spring, over 57,000 data breaches affecting fewer than 500 individuals have been reported.


Courtesy of HITRUST (Health IT Trust Alliance)

The key takeaways:

  • Most data breaches are accounted for by theft or loss (2/3 of breaches, over 4/5 of breached records); the balance are accounted for by unauthorized access or disclosure, incorrect mailing, hacking and improper disposal 
  • Hacks are on the rise, and given the likely underreporting of all breaches and the ease with which theft and loss of devices and records are detected, chances are that security improvement efforts are not being targeted appropriately
  • The weak links for most data breaches are laptops, paper records and mobile media (3/4 of breaches, 2/3 of records); the balance are from desktop computers, network servers and system applications
  • The trend in number of data breaches over time is encouraging, but there have been upticks in late 2011 and early 2012 
  • Hospitals, health plans and business associates are getting better at securing their data over time; physician practices are getting a little worse, particularly smaller practices, which, since they are often linked to community hospital EHRs, expose the hospitals as well
  • Government sector breaches account for a large percentage of the whole (check out the OIG report on CMS data breaches under HITECH for a glimpse of one sliver of this problem)

The full report is worth reading.  Also: see more from HealthBlawg on HIPAA, HITECH and data breaches.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting
 
