Today’s post is inspired by John Lynn’s blog EMR and EHR. Yesterday, his staff posted a blog about data breaches and cited some interesting examples of related stories in the news. Due to the increased HIPAA fines and risk exposure, it is a topic that is worth repeating.
The blog made two points we wish to reiterate. First, most breaches are due to theft or human error, not mysterious hackers. Second, breaches of paper records are much worse than electronic breaches.
Theft or human error causes the majority of data breaches. If you take a look at ONC’s wall of shame website, you will see that this is the case. Basically, this means that thousands of dollars of security software can easily be made useless without adequate education, training and policies.
Training is important because it educates employees on their roles, responsibilities, and procedures. Better training could have prevented at least one recent breach where a hospital contractor posted protected data to a website designed to help college students with their homework.
Encryption is an important tool to protect mobile devices. Laptops, tablets, and smartphones are at high risk for loss or theft. Using standards-based encryption to protect your mobile devices will prevent your data from falling into the wrong hands.
Paper records are much more vulnerable than electronic records. This seems counter-intuitive for a couple of reasons. First, electronic data breaches get all the press. Second, electronic data is much easier to copy. However, electronic data is also much easier to protect with access controls, encryption and other means. Paper records, on the other hand, are not easily protected. They also do not require any special hardware or software to read. Most of the time, paper records are not even stored in a locking cabinet.
Data breaches are a serious issue. Practices should be sure to exercise due diligence to prevent data breaches and avoid fines for HIPAA non-compliance. Technology, policy, and education work hand in hand to keep your practice secure.