Analysis of HIPAA data breaches in 1st half of 2015
HIPAA data breaches in first half of 2015 (January-June)
An in-depth analysis 06 Oct 2015
www.kaysharbor.com
Why HIPAA?
Purpose of HIPAA (source: Department of Health, Tennessee):
- To make it easier for people to keep health insurance.
- To protect the confidentiality & security of healthcare information.
- To help the healthcare industry control administrative costs.
Overview of data breaches
A quick snapshot of HIPAA data breaches during the first half of 2015 (Jan-Jun):
- 139 reported incidents of HIPAA data breaches.
- 94mn individuals affected due to these breaches.
- Just 5 incidents covered 98% of total individuals affected.
- 2 in 3 breach incidents reported by Healthcare providers.
- 1 in 2 incidents due to hacking/IT incident or theft.
Source: US Department of Health and Human Services Office for Civil Rights
HIPAA data breaches by business type
Maximum HIPAA data breaches occurred at Healthcare Providers' end (total HIPAA breaches = 139):
- Healthcare provider: 71% (99)
- Health plan: 25% (34)
- Business associate: 4% (5)
Source: US Department of Health and Human Services Office for Civil Rights
Top 5 states by number of incidents
HIPAA breaches in the following 5 states alone amounted to 50% of all breach incidents:
- California: 20 incidents
- Texas: 16 incidents
- New York: 12 incidents
- Florida: 11 incidents
- Illinois: 10 incidents
Source: US Department of Health and Human Services Office for Civil Rights
Top 5 states by population affected
HIPAA data breaches affecting 99% of all individuals originated from the following 5 states:
- Indiana: 78.8 million
- Washington: 11.0 million
- Maryland: 1.1 million
- Georgia: 0.9 million
- Virginia: 0.7 million
Source: US Department of Health and Human Services Office for Civil Rights
Top 5 incidents (by population affected)
Top 5 HIPAA breaches affected 92 mn people, all resulting from hacking/IT on a network server:

People affected | State located | Breach reason | Breach location
78.8 mn         | Indiana       | Hacking / IT  | Network server
11.0 mn         | Washington    | Hacking / IT  | Network server
1.1 mn          | Maryland      | Hacking / IT  | Network server
0.7 mn          | Virginia      | Hacking / IT  | Network server
0.6 mn          | Georgia       | Hacking / IT  | Network server

Source: US Department of Health and Human Services Office for Civil Rights
Reasons of HIPAA data breaches
85% of HIPAA data breaches occurred due to unauthorized access, theft and hacking/IT incidents (total incidents: 139):
- Unauthorized access/disclosures: 32%
- Theft: 30%
- Hacking/IT incidents: 26%
- Loss: 8%
- Improper disposal: 4%
Source: US Department of Health and Human Services Office for Civil Rights
Reason 1: Unauthorized access / disclosures (total incidents: 45)
Unauthorized access of data from paper/films, emails & EMR contributed to 60% of such incidents:
- Paper/films, emails and EMR together: 60% (shares of 29%, 20% and 11%)
- Others: 40%
Source: US Department of Health and Human Services Office for Civil Rights
Reason 2: Theft (total incidents: 41)
Laptops, desktops and electronic devices led to ~50% of data breaches due to theft:
- Laptop: 29%
- Desktop: 10%
- Other portable electronic device: 7%
- EMR: 2%
- Others: 52%
Source: US Department of Health and Human Services Office for Civil Rights
Reason 3: Hacking/IT incidents (total incidents: 36)
~65% of hacking/IT incidents happened at the network server end:
- Network server: 64%
- Desktop and other locations: the remaining 19%, 11% and 6%
Source: US Department of Health and Human Services Office for Civil Rights
Reason 4: Loss (total incidents: 12)
Loss of paper/films contributed to 83% of all data breaches resulting from loss:
- Paper/films: 83%
- Laptop: 17%
Source: US Department of Health and Human Services Office for Civil Rights
HIPAA has no safe harbor option, so make sure your underlying technology is compliant
- If your software is designed to manage, collect or transmit PHI in any form, then it has to be HIPAA compliant.
- Make sure user data is protected at every level of communication, internal or external.
- Implement distinct security measures for each access level of electronic data.
- Build functionality to remotely wipe electronic data from mobile devices in case of loss or theft.
- Ensure usage of HIPAA compliant network and email servers.
Are you planning to develop a custom healthcare software solution?
Let's partner: http://kaysharbor.com/request-for-free-consultation/

Further readings
• HIPAA data breaches in 1st half of 2015: An infographic http://kaysharbor.com/blog/healthcare/hipaa-data-breaches-in-first-half-of-2015/
• Is your healthcare mobile app HIPAA compliant? http://kaysharbor.com/blog/healthcare/hipaa-compliance-for-your-mobile-app-can-be-a-tricky-path-dont-go-alone/
• Why mobility is no longer an option for healthcare providers and hospitals http://kaysharbor.com/blog/healthcare/planning-to-take-your-hospital-on-mobile-the-right-time-is-now-2/