PHI and Other Breaches Under Obamacare (ACA) and HIPAA During Q1 2014

With Obamacare (the Affordable Care Act or ACA), HIPAA and HITECH constantly in the news, how to handle PHI (Protected Health Information) is on the minds of doctors, hospitals, urgent care clinics, and other healthcare providers.

As a provider of email encryption to industries like finance, legal and health care, we like to stay on top of data security trends. We were curious to know how 2014 is shaping up in terms of data breaches, so we analyzed some of the relevant data and have summarized it here. Here is a snapshot of reported data breaches from Q1 2014 in healthcare / medical, compared to Q1 in the previous two years.*

Data Breach Reports Down, Records Breached Up

The number of reported data breach incidents was down from 57 during Q1 2012 to 27 during Q1 2014. Although that's a huge decrease, keep in mind that numbers from month-to-month can vary.

It's also important to look at the number of records involved because that can vary quite a bit. During the same period, the number of records known to have been involved more than tripled from under 200,000 to almost 600,000.

Healthcare and Medical Data Breaches during Q1 2014

The number of data breach reports during Q1 2014 was down compared to the previous two years, but the number of records breached was way up.

To see how much they can vary with each breach, here are the number of known records involved in data breaches during Q1 of each year.

Healthcare and Medical Data Breaches during Q1 2014

The number of data records involved in each reported breach can vary considerably.

The largest reported breach in Q1 2012 was well under 100,000 records. In Q1 2014, it was about 400,000.

Types of Breaches

There are numerous ways in which data can be breached, from paper records to hacking to device theft. The types of breaches during Q1 the last three years has also varied a lot.

Healthcare and Medical Data Breaches during Q1 2014

Reports of intrusions and paper breaches are up; but reports of unintentional disclosure and device-related breaches are down.

Surprisingly, breach reports triggered by unintentional disclosures and electronic devices (e.g., computers, tablets, phones, thumb drives) are down to none in Q1 of 2014. On the other hand the number of reports due to cyber-intrusions and non-electronic records (such as paper) are up.

It may be that health care providers are encrypting laptop hard drives, switching to secure Cloud-based services (like Greenview Data's email hosting), can remotely wipe devices and have taken other measures to reduce device breaches. But they are apparently still dealing with paper headaches and cyber-crimes (like hacking).

One way to reduce exposure from hacking is to get Protected Health Information (PHI) off your office computers, laptops, smart phones, backup drives, etc. and move it to secure data centers with geographic redundancy and automated archiving. You can do that by using secure cloud services for practice management, email, etc. No more USB thumb drives with patient info floating around the office.

Email Encryption and Other Secure Email Services

The AMA recommends that physicians encrypt email with protected health information.** Greenview Data provides secure email services, including email encryption already trusted by millions of users worldwide, such as physicians, hospitals and other healthcare providers.

We offer the following:

Our hosted business email services are available anytime, anywhere from virtually any web-enabled computer, smartphone or tablet (Apple, Android, Windows and Blackberry 10). 24/7/365 live support for all issues is included.

Use them separately or together. For example, to help you comply with HIPAA, add our encryption to your existing business email service --- or host your email with us and bundle it with encryption at special pricing.

If a conversation about secure email makes sense for your practice, give us a call, chat or email anytime. We're always here. 24/7/365. | 800-458-3348 | 734-426-7500 |

*Source: The first quarter is defined as January 1st through March 31st.

**Nothing in this article implies that the American Medical Association promotes or otherwise endorses Greenview Data products, business relationships, services, causes, campaigns, websites, content, or information.

Nothing in this article or the links we've provided constitutes legal advice or creates an attorney-client relationship. Consult a qualified attorney if you need legal guidance or advice.