Imagine the following scenario: a celebrity is visiting your hospital after suffering a minor injury. One of your employees lets curiosity get the better of him and accesses the celebrity’s electronic health records (EHRs) without authorization. A protracted lawsuit follows, this cost of a healthcare data breach can cost months of time and hundreds of thousands of dollars. The media covers the scandal extensively, costing your organization even more by giving it bad publicity and driving customers away.

Continuing our Cost of a Breach series that examines and breaks down the cost of a hospital data breach, this week’s post will take a closer look at the first two steps a hospital or healthcare institution must take after a data breach has occurred: forensics and notification. In the aftermath of a data breach, the first thing a healthcare organization must do is determine what electronic health records (EHRs) were illegitimately accessed and who accessed them; this process is known as data forensics. Once the scope of the breach is known, an institution must then notify any affected patients and provide them with specific support services.

After a staggering 11 million patient records were breached in June, July's number of total records breached is back down to April’s levels, at 126,930 records (though nearly half of U.S. states had at least one healthcare data breach incident this month). New this month, we present an analysis of the amount of time a breach goes unreported, finding an average time lapse of two years, with as many as six years elapsing in one case.  

Summer school is still in session! In an effort to help cure vendor fatigue, we’ve decided to put together a Privacy Analytics Primer to demystify all the similar-sounding solutions and phrases out there. We’re focusing on how compliance and security officers can ensure that EHR access is reviewed and patient privacy protected, per 45 CFR 164.308 and 45 CFR 164.312.* Our aim is to help you better determine which type of privacy program is right for your institution.

As more healthcare organizations switch from paper to electronic health records (EHRs), the ability of those organizations to secure electronic records becomes more and more important. And with threats becoming increasingly common and costly, healthcare organizations need to carefully consider how they are going to prevent security breaches and what key components are necessary in a security platform in order to counter attempts to steal their patients’ health data.