The healthcare industry suffered a 62 percent increase in patient data breaches in the first 52 days of 2017 compared to the same period last year, a Med-Net Compliance analysis of U.S. Department of Health and Human Services (HHS) data has shown.
According to the analysis, unauthorized access/disclosure incidents rose by 30 percent, theft by 57 percent, IT system hacking by 72 percent, and accidental loss doubled during the period January 1 to February 21.
All institutions covered by the Health Insurance Portability and Accountability Act (HIPAA) are required to report breaches of information to the Office for Civil Rights (OCR) in the HHS under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
For the first 52 days of 2016 (that is, from January 1 to February 21), a total of 26 breaches were reported to the OCR.
Of that number, 12 were due to “unauthorized access/disclosure,” two were due to “improper disposal,” three were due to the “loss” of paper or electronic records, four were due to “theft,” and another four were due to a “hacking/IT incident.” The cause of one more incident was not specified.
For the same period in 2017, the total number of data breaches reported to the OCR jumped to 42.
Of that number, 18 were due to “unauthorized access/disclosure,” one was due to “improper disposal,” four were due to the “loss” of paper or electronic records, seven were due to “theft,” and another 12 were due to a “hacking/IT incident.”
The single largest increase in data breaches was therefore from IT-related incidents, but such incidents still remain the absolute minority of causes of data losses.
Human error—either deliberate or accidental—still accounts for nearly 60 percent of all data losses, the analysis showed.
These figures have great importance for compliance officers throughout the industry. Given the potential losses which can be incurred from resulting civil or criminal suits, the data shows that increased focus on compliance is a valuable investment—and one which can prevent considerable financial and reputational damage to an institution.
*The reporting requirements for data breaches have recently changed.