Many articles are circulating that slice and dice the data from the 2015 data breaches greater than 500 people impacted. The data comes from the infamous Department of Health and Human Services’ HIPAA “Wall of Shame.” The data being published puts a lot of emphasis on hacking and the impact that it has had on healthcare over the past year. There is no doubt, hacking did have a BIG impact on the data breaches of 2015; however, the data is slightly skewed due one data breach that impacted approximately 78 Million Individuals – The Anthem Data breach. In fact, three data breaches occurred due to hacking that skewed the image of what actually happened in 2015 with healthcare data breaches. A total of 113,208,516 individuals were impacted by 266 data breaches in healthcare in 2015. The Anthem data breach (78.8 Million individuals), the Excellus data breach (10 Million individuals), and the Premera Blue Cross (11 Million individuals) accounted for only 3 of the total data breaches but impacted 88% of total individuals whose data was breached. Definitely a significant happening in 2015; however, it is important to look at the data as a whole and understand there were outliers that significantly impacted what occurred in 2015 data breaches. Looking at the data in several different ways can help shed some light on other important aspects of data breaches impacting greater than 500 individuals in healthcare during the year of 2015. While hacking is a significant impact on the amount of people in 2015, the category of Hacking/IT Incidents only accounted for 57 (21%) of the 266 data breaches that were reported on the Department of Health and Human Services HIPAA “Wall of Shame.” Based on the number of data breaches impacting over 500 individuals, what did actually occur in 2015 besides the large Anthem data breach that skewed the view of the data breaches in 2015? Here are some facts that may help paint an actual picture of what occurred in 2015. • #1 Data Breach Type: Unauthorized Access/Disclosure – 38% of 2015 Data Breaches
• #1 Data Breach Location: Paper/Films – 27% of 2015 Data Breaches
• #1 Data Breach by Covered Entity Type: Healthcare Providers – 73% of 2015 Data Breaches
• Top Range of Number of Individuals Impacted: 1,000 – 9,999 Individuals Impacted – 53% of 2015 Data Breaches
Healthcare organizations need to understand it is not one area that is at risk for data breaches to occur. Each organization needs to spend time evaluating their organization and specifically the protected health information that they create, store, transmit or maintain to understand what risks that they have. Data breaches are being caused by a significant amount of reasons, and it is important to know that hacking/IT incidents is only one of those areas to focus on. Hacking/IT incidents definitely will impact a great amount of individuals as the hackers get access to a larger amount of data; however, a data breach caused by another issue such as an unauthorized disclosure causes just as much damage to an individual as someone hacking into a system and gaining information. Understanding the entire picture of what occurred in healthcare data breaches in 2015 will help organization prepare for proper protection of patient information. Moral of the Story – don’t just focus on one item when it comes to the protecting and safeguarding of patient information. Focus on privacy and security of healthcare data as a whole, it is the best defense against the unwanted data breach. Cheers! Danika Source: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf