After a relatively quiet start to the year, there has been an uptick in the number of health data breach incidents and a drastic increase in the number of breached patient records this month, with almost 700K patients breached in a single incident.  Also of note is that a recent report found that academic medical centers are substantially more likely to be breached than other health systems.  These findings reinforce the need for academic health systems to pay particular attention to how they are protecting their patient data and what proactive measures they have put in place to thwart these threats.

After a noticeable decline in the number of hacking incidents, insider-related breach incidents have doubled relative to the previous month. February’s health data breaches reinforce the importance of understanding inappropriate workforce activity, especially when the majority of incidents come from within a healthcare organization.  For instance, a Nebraska hospital recently discovered a breach that had been going for more than five years and was the result of ongoing insider-wrongdoing.  It’s important for healthcare organizations to use advanced analytics to immediately detect breaches of this magnitude in real-time, greatly reducing the impact for patients and organizations alike.

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule made many sweeping changes to the healthcare world. One of the most significant was the requirement that all healthcare organizations – no matter their size – designate a privacy officer whose primary duty is to protect the confidentially and privacy of patients’ protected health information (PHI).

2017 has kicked off with a huge proportion of insider threats, as January data from disclosed breaches reveals that 59.2% of breached patient records were the result of insiders.  This month’s health data breaches reinforce the importance of health data security, as the need to protect patient data from insiders continues to loom large.  Healthcare organizations, more than ever, need to be proactive in discovering and reporting when a breach has occurred. This is especially the case given that HHS OCR has issued its first fine for failing to report a breach within their 60-day window.

HIMSS17 is just a month away.  As attendees are researching which sessions and networking events to attend, we’ve scoped out the very best and have put them in one place for your convenience.