February 16, 2016
With breaches of personal data appearing in the news every day, new trends continually emerge across various industry sectors, but the spotlight has consistently fallen on healthcare as one of the sectors most likely to suffer data breaches. In 2014 the Information Commissioner's Office investigated 517 potentially serious breaches of the Data Protection Act across UK healthcare institutions, more than in any other industry.
Data security in the healthcare sector is particularly important because of the detailed and often sensitive information that patient records contain, making it easier for criminals to commit identity theft. Two new US reports examined the issue in detail and uncovered a few surprises about health data breaches – underlining the fact that you can’t paint all data breaches with the same brush.
Here is what research showed about healthcare security and data breaches:
Not just Healthcare Industries: The 2015 Protected Health Information Data Breach Report by Verizon showed that 90% of the industries studied have experienced health data breaches. In fact, many organisations outside of the healthcare sector collect sensitive health information (in employee records or for private medical insurance, for example). Another US study, the State of Healthcare Information Security 2015 survey, showed that business associates taking inadequate security precautions with medical records are a threat too.
By the Numbers: Verizon reviewed 1,931 incidents from 25 countries comprising at least 392 million patient records. But the total number of compromised records might be much higher – 24% of breached organisations did not provide the exact number of records involved.
Physical Breaches the Most Common: The Verizon data showed that lost or stolen assets, privilege misuse, and miscellaneous errors (such as information misplacement, disposal errors, and publishing mistakes) caused 86% of all breaches of patient data.
People, not Hacks: The State of Healthcare survey showed that human error – and often insider misuse – was responsible for more breaches than hackers in healthcare. “We spend millions on new technology, countless hours on policy writing, and engage all stakeholders to enhance their awareness,” wrote Dr. John D. Halamka in an online post. “Yet, we’re as vulnerable as our most gullible employee.”
What are healthcare privacy and information security best practices for organisations that handle personal data?
Today all industries must have a comprehensive document management process that protects patient records from document creation to document disposal.