MDNews - Minnesota

Protected? Are Your Patients By Thomas Crocker The Challenges of Safeguarding PHI A RECENT REPORT TO CONGRESS REVEALED HEALTHCARE ENTITIES STILL STRUGGLE TO ADHERE TO FEDERAL LAW REGARDING THE MANAGEMENT OF SENSITIVE PATIENT INFORMATION. B REACHES OF PROTECTED health in for mat ion (PHI) r u n t he gamut: dozens of unencrypted computer hard drives stolen from a leased facility, a portable elec- tronic storage device swiped from an employee's ca r, hea lth information exposed to unauthorized access due to poor or nonfunctional electronic safeguards. These and other incidents detailed in the U.S. Department of Health and Human Services Offi ce for Civil Rights' (OCR) 2014 "Annual Report to Congress on Breaches of Unsecured Protected Health Information" proved costly to healthcare organizations. Let's Review The report, covering 2011 and 2012, discusses the incidence a nd causes of la rge a nd sma ll breaches a mong healthcare entities and business associ- ates subject to HIPA A . More t ha n 450 breaches involving 500 or more indiv idua ls a f fected approximately 14.7 m i l l i o n c o n s u m e r s i n t h o s e years. Smaller breaches — those in which fewer t ha n 500 indiv idua ls' records were compromised — totaled approximately 47,000 a nd a f fected almost 317,000 individuals. Breaches were categorized as theft, lo s s , u n a ut h or i z e d a c c e s s/d i s c lo - sure, improper disposal, hacking/IT incidents and unknown/other. Theft accounted for at least half of larger breaches in both 2011 and 2012 — 50 percent a nd 53 percent, respec- tively. Unauthorized access/disclosure 1 2 | Minnesota MD NEWS ■ M D N E W S . CO M

• Cover