...And What Health Care Professionals Can Do About Them
Incidents involving protected health information (PHI) continue to rise despite all the procedures, policies and other precautions being put in place to prevent them. Data breaches involving protected health information increased 25 percent in 2014[i] and are still rising — the Anthem hack that was revealed in 2015 exposed approximately twice as many patient records (80 million) as the total number reported under the HITECH Act from its inception in 2009 through 2014 (40 million).
The nature of PHI risk is also changing. For years, the most common breaches resulted from lost laptops and other personal devices. Today intentional attacks have surpassed unintentional mistakes as the leading source of PHI incidents. Criminal hacks against health care organizations have increased 125 percent in the past five years and in 2014 were the leading cause of industry data breaches for the first time ever;[ii] in early 2015 hacking had accounted for the six largest breaches reported to HHS.[iii] Sometimes the organizational approach to managing PHI also elevates risk by not devoting sufficient attention or resources to protection, according to a 2015 survey of health care chief information officers (CIOs) and chief information security officers (CISOs) conducted by the Association for Executives in Healthcare Information Security (AEHIS), as shown in Figure 1.