HIPAA Violations Soar in 2018

In the 20 years of HIPAA, it has evolved to keep up with the ever-changing needs of patients and in line with technology. Audits are now a regular part of compliance monitoring that we should all be on our guard. Yet in mid-August, Federal government officials announced a new round of HIPAA violations.

 

Hacking was a Large Part of these HIPAA Violations

The figures are sobering and show that there are still problems with even basic implementation. Although hacks can’t always be helped, sometimes, human error is solely responsible. This was the biggest cause of HIPAA violations for the year so far.

• In mid-August, 30 more health data breaches were added to 2018’s tally. One of these was a major phishing hack affecting the health data of over 1.4m people
• Those 30 new cases made a total of 229 so far this year with a reported 6.1m people affected

Both of these datasets came from the Department of Health and Human Services’ HIPAA Breach Reporting Tool website. We also know that around 4.3m of the 6.1m total victims were the result of data hacks. That leaves around 2m data breaches for other reasons.

 

Unauthorized Access and Carelessness Make Up the Rest

The report listed unauthorized access or disclosure of information as accounting for data breaches relating to 803,000 people. One incident was responsible for around ¼ of these. MedEvolve based in Arkansas was found guilty of a data breach after leaving the data of a former customer on the FTP server, data which was then made publicly available on the internet.  Around 205,000 were affected.

The next largest was data theft and loss, affecting some 677,000 individuals across 41 breaches. The majority of these were the theft or loss of paper and film records. Improper disposal was the next largest, also of paper and film records improperly handled during destruction. Finally, inadequate or a lack of encryption affected 80,000 people.

 

Why It’s Better to Outsource

Negotiating HIPAA can be a minefield. Even with the best intentions and rigorous protections, employees can also make mistakes. These mistakes can lead to data breaches and large fines. Although there are always basics to understand when it comes to this law, many of the violators could have avoided some of the trouble by outsourcing their record storage and retrieval to a digital service. It especially avoids the problems of improper disposal and theft following a break-in to physical premises.