Electronic Protected Health Information (ePHI) is at high risk, according to a new study by the Ponemon Institute. This is the second time Ponemon has conducted its annual benchmark study. It is conducted by interviewing healthcare professionals in hospitals and independent practices.
The study reports data breaches have increased by 32% since last year. Instead of hackers or malicious software, the study finds employee negligence is the primary cause of breaches. The report also states that over half the survey respondents do not protect mobile devices. Data breaches cost the healthcare industry an average of $6.5 billion per year.
In addition, the study reports that federal regulations have not had a measurable impact in reducing the frequency of breaches. Professionals cite lack of budget to implement federal policies. Policies may also not be very effective; personnel do not understand the importance of policies, or willfully disregard them.
Data breaches lead to medical identity theft, according to the study. Perpetrators of medical ID theft typically pose as an individual with adequate medical coverage and then use their stolen insurance for surgeries or other medical procedures. Only 25% of organizations that experience data breaches offer credit monitoring to their patients.
How can practices safeguard their data? The best way to get started is to conduct a standards-based risk assessment. Conducting or reviewing a risk assessment also happens to be the first requirement for HIPAA security rule compliance, in addition to one of the core meaningful use measures.
Risk assessments should cover all aspects of the practice including policies, procedures, and training. Many practices mistakenly focus on computer systems. After completing a risk assessment, a practice should use its resources to address inadequacies that pose the highest risk. Typically, these are policies, training, and backup and disaster recovery plans.
If your practice is interested in learning how to guard against data breaches, please let us know. We would be happy to conduct a standards-based risk assessment to help you qualify for meaningful use. You can reach us at http://www.xlemr.com/contact.html.
