Data breach in the healthcare sector involves the loss of sensitive data including an individual’s name, Social Security number, medical records, and possibly financial data such as credit or debit card numbers. An article in Health Management finds that January 2018 saw an average of more than a breach per day, with a total of 37 health data breaches. A recent study, published in the American Journal of Managed Care finds that paper and film records were the most frequent location of breached data in hospitals. Medical transcription services can be availed to transcribe these records and store it in an electronic form.
Even with the availability of advanced health information technology (IT) systems, security breaches continue to affect hundreds of hospitals and compromise thousands of patients’ data. While the data breach types included categories such as hacking/IT incident, improper disposal, loss, other/unknown, theft, and unauthorized access/disclosure, data breach locations or modes can be desktop computer, EHR, email, laptop computer, network server, paper/films or other location.
Researchers from the College of Health and Public Affairs, University of Central Florida and the United States Air Force Joint Base in Charleston, South Carolina evaluated the Office of Civil Rights breach data from healthcare providers regarding breaches that affected 500 or more individuals from 2009 to 2016. These data were linked with hospital characteristics from the Health Information Management Systems Society and the American Hospital Association Health IT Supplement databases.
Based on this evaluation, it was found that despite the high level of hospital adoption of electronic health records (EHRs) and federal incentives to do so, paper and films were the most frequent location of breached data, occurring in 65 hospitals during the study period.
Other key findings include
- Of all types of healthcare providers, hospitals accounted for approximately one-third of all data breaches and hospital breaches affected the largest number of individuals. (Of the total 215 breaches, each affecting 500 or more individuals, 185 were in nonfederal acute care hospitals)
- Network servers were the least common location but their breaches affected the most patients overall
- There were significant associations among data breach occurrences and some hospital characteristics, including type and size.
The study indicates the relevance of conducting routine audits in hospitals to allow them to see their vulnerabilities before a breach occurs. It is also critical to implement information security systems, improve access control and prioritize patient privacy to minimize future breaches.
According to the Verizon research report published in Health IT Security, reducing paper-based PHI and establishing a holistic risk management program are critical ways hospitals can consider in preventing healthcare PHI data breach. Even while outsourcing medical transcription, providers must choose to partner with an experienced company that adheres to HIPAA guidelines and strict data security policies.
