By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Protected Health Information Security: You Should Be Worried
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > Medical Records > Protected Health Information Security: You Should Be Worried
BusinessMedical RecordsPolicy & Law

Protected Health Information Security: You Should Be Worried

philcsolomon
philcsolomon
Share
5 Min Read
Protected Health Information
SHARE

Protected Health InformationIt seems like every day, we hear another story in the news about a breach of security that caused personal health information and financial information to be lost or stolen by hackers and thieves.

Protected Health InformationIt seems like every day, we hear another story in the news about a breach of security that caused personal health information and financial information to be lost or stolen by hackers and thieves.

With the increasing incidences of healthcare related breaches, providers must become more diligent in securing protected health information (PHI).

The HITECH Act, implemented and enforced by HHS, CMS, and OCR, and recently updated and finalized in the HIPAA Omnibus Rule seems to be having a slight positive impact on security. Even though payers and providers have stepped up their game securing data; the risks for data loss are still present.

More Read

Working Together to Improve Health Outcomes While Saving Money
Crowdfunding Cancer Research: Martin (Marty) Smith
Data Alone Does Not Make Health Care Pricing Meaningful
Telemedicine’s Achilles’ Heel: The Telephone
Euro Health Consumer Index 2012 Shows #Prevention is the Way Forward, of Course

According to Redspin, a healthcare IT security firm, there has been an explosion of protected health information security incidents over the past five years. For example, the following is a summary of healthcare breach highlights from 2009 through 2013:

– 804 breaches of protected health information since 2009
– 29,276,385 patient health records affected by breach since 2009
– 7,095,145 patient health records breached in 2013
– 137.7% increase in the number of patient records breached in 2012-2013
– 85.4% of the total records breached in 2013 resulted from the 5 largest incidents
– 4,029,530 records breached in the single largest incident
– 83.2% of 2013 of patient records breached in 2013 resulted from theft
– 22.1% of breach incidents in 2013 resulted from unauthorized access
– 35% of 2013 incidents were due to the loss or theft of an unencrypted laptop or other portable electronic device
– 20% of protected health information (PHI) breaches have involved a business associate each year from 2009-2013

The Annual Report to Congress on Breaches of Unsecured Protected Health Information for 2011 and 2012 identified the type of breaches, the causes of data breach and the source of data breaches. They are listed in order as follows:

Breaching Entity
1. Providers
2. Business Associates
3. Health Plans

Causes of Data Breach
1. Theft
2. Loss of PHI
3. Unauthorized Access
4. Hacking/IT incident

Sources of Breach
1. Laptop
2. Paper
3. Server
4. Desktop Computer
5. Other Portable Device
6. Email
7. Electronic Medical Records
8. Other

Here are some steps to protect patient’s health records and data in your organization:

1. Provide security awareness and privacy education training for your staff
2. Review and update your physical security and access control policies
3. Update the controls to protect networks to ensure safeguards against unauthorized users accessing PHI through such mechanisms as:
– Computer auto-locking and screen saver locks
– Unique usernames and password protection
– Extensive logging of computing activity
4. Physical access controls that include, but are not limited to the use of:
– CCTV coverage 24×7
– Proximity badge access and logging controls
– Periodical review of access rights and reconciliation
5. Incident Response
6. Adherence of Red Flag Rules
7. Develop a comprehensive incident response program to ensure proper and prompt identification of potential threats to physical and data network
8. Train the staff on proper notification channels if patient information compromise
9. Perform internal quarterly security risk assessments to ensure ongoing compliance and gap remediation between evaluation periods
10. Contract with a third-party security firm annually to perform a security assessment

More entities are following the advice of experts and updating (or creating) their security risk mitigation strategies for protected health information to secure their data and prevent breaches from occurring in the future. Let’s hope the results in 2014 shows a decline of security events. If so, I think we’ll all sleep better at night.

TAGGED:HITECH ACTPrivacysecurity
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

dental care
Importance of Good Dental Care for Health and Confidence
Dental health Specialties
October 2, 2025
AI in Healthcare
AI in Healthcare: Technology is Transforming the Global Landscape
Global Healthcare Policy & Law Technology
October 1, 2025
Choosing the Right Swimwear for Health and Safety
News
September 30, 2025
sports concussions
Concussion In Sports: How Common They Are And What You Need To Know
Infographics
September 28, 2025

You Might also Like

BusinessMedical InnovationsNewsTechnologyWellness

Clinton Applauds Carter Kostler (Age 14) at Health Matters Conference

February 4, 2013
Definition of Listening
Hospital AdministrationWellness

Why Doctors Need To Listen To And Understand The Patient’s “Perspectives” – A True Story

July 1, 2015

Doctors 2.0 Storify at World Health Innovation Day

August 30, 2014
CareerHospital Administration

Why Work With A Healthcare Recruitment Agency & How To Choose One

October 31, 2022
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?