Nearly two out of every five healthcare professionals reported a data security breach in 2009, up from just 13% the previous year, according to a recent survey. The majority of the breaches typically involve lost or stolen laptops and portable data-storage devices, and improperly discarded documents.
It’s 10 o’clock. Do you know where your laptop is?
Nearly two out of every five healthcare professionals reported a data security breach in 2009, up from 13% the previous year, according to a recent survey by the Healthcare Information and Management Systems Society. The security breaches occurred even though most of those surveyed said they are compliant with all laws and regulations related to privacy.
Although many providers surveyed said they have effective safeguards in place to monitor access to sensitive data, most of the breaches involved lost or stolen laptop computers, stolen computers or hard drives, or improperly discarded documents.
The problem is that many providers focus on compliance and ignore the financial impact of a data breach, the researchers said. Of the security breaches reported this year to the government’s Office for Civil Rights, which enforces HIPAA regulations, only two involved unauthorized access to data. The theft of unencrypted laptops or other portable data-storage devices accounted for 44% of the breaches.
The cost of ignoring a privacy breach can be severe. One of the provisions of the 2009 federal stimulus program requires healthcare providers to post information about security breaches if a breach affects 10 or more patients. If a security breach affects 500 or more patients, practices must notify all affected patients, a local media outlet, and the Department of Health & Human Services. Fines for noncompliance start at $100 and can go as high as $1.5 million.
Encrypting a laptop or hard drive is a relatively inexpensive way to protect patient data.
The cost of encrypting a laptop is a minor expense compared to the cost of notifying patients of the breach, setting up free credit monitoring for them, and handling complaints and inquiries. In addition, a provider found guilty of willful neglect could face government fines of up to $1.5 million. Talk to your technology advisor or visit sites such as Symantec.com or VeriSign.com for more information on data encryption.