HIPAA Violations Cost Healthcare Industry $5.6 Billion a Year

A latest statement from the Ponemon Institute has emphasized the gravity of the danger from cyber-attacks and must serve as a notice to healthcare providers that they should improve data safety.

The cost to the industry is substantial. Data violations are projected to cost the healthcare trade $5.6 billion a year, and that money might be put to much better use conducting research and improving healthcare facilities.

While the report shows there has been a small decrease in the number of data violations reported previous year, the volume of patient records compromised is substantial and the number of cyber-attacks on healthcare providers – as well as other covered entities – has increased at a terrific rate with the number of hacking-related cases having grown 100% since 2010.

While targeted hacks on healthcare providers and insurers are clearly on the rise, many data violations are caused by unawareness of data security laws and simple negligence by doctors and hospital staff. It might not be possible to avoid data breaches from happening in all cases – hackers are using increasingly sophisticated ways to gain access to healthcare data – nevertheless, the volume of data breaches can be decreased and the number of people affected can be reduced by adopting basic safety measures and addressing sloppy working practices.

As per Larry Ponemon, chairman and founder of the Ponemon Institute, “The folks in the healthcare industry are wonderful people who sometimes do senseless things, and that is the source of many problems,” he went on to say “they are attempting to get their work done, they feel under pressure, they are in the business of loving for patients, and they do not want to waste time to do more safety or take that additional step to protect privacy.”

The Issue will Only Get Worse

The progress in the use of moveable devices in the healthcare industry makes privacy infringements much more likely to happen in the future. Android and iOS phones let information to be immediately sent to work colleagues and while this can increase the care provided to patients; their secrecy is being put at risk. A number of the devices being utilized to communicate PHI are unsafe and don’t use data encryption. Hackers might not be interested in individual records sent through unsecured text messages when there are millions of files to be obtained from healthcare providers and insurance companies, although the devices still represent the main risk.

Healthcare data is also now being shared more repeatedly since the move to electronic health files. Covered entities use business associates to conduct vital functions, like providing cloud storage and developing software, website maintenance, and a number of these individuals and companies are provided access to PHI.

As per a recent CNBC report, on average between 6-10 different businesses are given access to PHI or healthcare data by healthcare providers, and just one trip to hospital might see a patient’s personal details, healthcare data, and Social Security number shared with several different people. As per CNBC, “This might contain health insurance, outside labs, an ambulance company, the medical center, doctors who do not bill through the hospital, and if you do not pay on time, a debt collector”. With so many different businesses having access to healthcare data, the possibility of a breach happening is significantly increased.

The Inexpensive Care Act has Made the Issue Worse

As per the report, the Affordable Care Act has made the state much worse. During October previous year, millions of patients enrolled the healthcare system, yet because of the hurry to beat the October time limit, data security standards were bad. Rick Kam, president and founder of ID Experts – which supported the Ponemon study – said “A lot of resources and energy were spent on merely making certain the exchanges worked. Unfortunately, not sufficient effort has been made to make certain they were safe.”

The Ponemon study involved interviews with senior-level security people of healthcare providers, 70% of which thought the Affordable Care Act (ACA) has raised – or considerably raised – the danger of data theft because insufficient security measures have been applied to protect data. The ACA is thought to have increased the chance for burglars to access healthcare data, and as per Pam Dixon, the Executive Director of World Privacy Forum – who was participating in the survey – the Affordable Care Act was like ”adding jet fuel” to the medical identity thievery problem.

Main Findings of the 2014 Ponemon Medical Identity Thievery Survey

The number of hacking events is clearly on the rise, although the main concern of security officers is employee carelessness, with 75% of the survey’s respondents citing this as the main concern. Particularly the growth in the use of moveable devices in healthcare is a concern as too little is being done to safeguard those devices.

BYOD schemes have proved admired with 88% of healthcare providers letting medical experts use their own laptops, Smartphones, and other moveable storage devices in the place of work. Nevertheless, according to the survey, over half of the respondents didn’t consider the devices to be safe.

This is backed up Ponemon data that indicates as many as 38% of healthcare providers haven’t taken the needed steps to safeguard these private devices, even though they are being used to transmit PHI. Even trendy file sharing programs are apparently being utilized by some medical experts to share some data, which not only increases the danger of unlawful disclosure of PHI, it practically guarantees it.

Ponemon Institute stated CNBC reporters that given the volume of devices in use as well as the lack of controls to safeguard the data sent and stored, “You could be oozing a great deal of information and never know you had a data violation.”

Patients Advised to Verify EOB Statements

As so many people possibly have access to PHI and the safety measures utilized to keep the information confidential can be substandard, the possibility of an individual being affected by a medical scam is astonishingly high. Patients might be at the mercy of their insurance companies and healthcare providers, but that doesn’t mean they are helpless to do anything concerning medical data thievery.

There is one very vital step which can be taken to make sure that patients don’t have to foot the bill of somebody else’s healthcare. Clarification of Benefits Statements should be checked to monitor for a medical scam.

The info described in these statements lets people check whether any 3rd party is claiming benefits, or has obtained medicines using their ID numbers and personal information or undergone medical processes.

If any entry doesn’t seem to be correct, contains the name of a healthcare provider or doctor who hasn’t been visited, this info MUST be questioned. Patients might not be needed to cover the cost of these false claims initially, however, ultimately they may have to foot the bill. It is therefore vital that these statements are proven before thousands of dollars of medicines as well as medical services are deceitfully obtained.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.