Celebrities, public figures, and their family members are especially vulnerable to inappropriate access to their medical records, given the public’s interest in their lives and well-being. After a health crisis or death, VIPs are often thrust into the spotlight, where intense media scrutiny occurs. It is their health or insurance provider’s responsibility to ensure these patients’ private medical information is protected. It is often reported that members of the media will try to pay hospital employees to sneak into a VIP’s electronic medical records to obtain private information, giving reporters the inside scoop—a serious breach of the patient’s rights under the HIPAA Privacy Rule.
In May, health data breaches continued to be disclosed at a rate of one or more per day, a trend first noted in the 2016 Annual Breach Barometer Report. If the Breach Barometer has taught us anything, it’s that it is not a matter of “if” a healthcare organization will experience a data breach, but simply a matter of “when.” A lot of damage can be done when a breach goes undetected for several years, giving the information more time to be disseminated or malicious insiders more time to continue their activities. It is imperative that healthcare organizations educate themselves on what they can do to reduce their risk and detect breaches as soon as they occur.
April is the second month in which there seems to be noticeable improvement in the time it takes for healthcare organizations to report their breaches to HHS. Last month (March), HHS stepped up its enforcement by beginning to fine healthcare organizations that do not report health data breaches within the required 60-day window. This raises the question of whether healthcare organizations are becoming more diligent in responding to and reporting breaches of patient data as a result of this regulatory scrutiny. Transparency about the data breaches that are plaguing the healthcare industry will help organizations and regulators better understand the breadth of the problem and determine how best to mitigate these breaches and defend institutions from becoming further victimized.
After a relatively quiet start to the year, there has been an uptick in the number of health data breach incidents and a drastic increase in the number of breached patient records this month, with almost 700K patients breached in a single incident. Also of note, a recent report found that academic medical centers are substantially more likely to be breached than other health systems. These findings reinforce the need for academic health systems to pay particular attention to how they are protecting their patient data and what proactive measures they have put in place to thwart these threats.