The year 2013 was a pivotal time for the healthcare industry. Bioengineering developments reached new heights with emerging technologies such as electronic aspirin and a transcatheter aortic heart valve that provides an alternative to open-heart surgery.
In the insurance realm, health exchanges opened for business and insurance plans were explained in plain English.
And then there was HIPAA's omnibus rule. The rule extended HIPAA requirements to healthcare organizations' service providers, strengthened requirements for data protection and privacy practices, gave individuals more rights for obtaining access to healthcare records and increased maximum penalties for noncompliance.
Data Breaches Since Omnibus
Since omnibus went into effect, the number of organizations that have made the Department of Health and Human Services' (HHS's) "wall of shame" — the moniker given to the public, legally required listing of breaches affecting 500 or more individuals — has skyrocketed.
According to data we exported from HHS, 1,186 organizations have found themselves in HIPAA's bad graces during the time span of January 2013 to December 2014. Of the top 10 largest breaches, 70 percent were due to the loss or theft of information stored on backup tapes, servers, drives, desktop computers, laptops and other media.
Omnibus doesn't always offer prescriptive recommendations for avoiding breaches. However, healthcare providers can learn from the mistakes of others and take precautions to remain compliant, avoid fines, and most importantly, protect their patients' information.
Below are a few examples of solutions we recommend for healthcare providers looking to combat common breach causes:
- Theft of backup tapes — off-site cloud backup/recovery with BlackCloud cloud services
- Missing servers/hard drives — infrastructure as a service through BlackCloud
- Theft of laptops and desktop computers — BlackCloud Virtual Office for desktop virtualization
We also encourage healthcare organizations to make sure any business continuity and disaster recovery vendors they consider working with have completed a third-party audit that meets regulatory standards, such as the Service Organization Controls 2 audit.
Ultimately, by taking proactive measures against security breaches, you can lessen your odds of landing a spot on the wall of shame.