In 2015 and 2016, Protenus found that the privacy of professional athletes’ medical records was violated equal to or more than any other VIP or celebrity category. The majority of these privacy violators were repeat offenders. Why? In many cases, Protenus found that football enthusiasts were looking for a competitive edge in their fantasy league by looking at the athlete's records to identify injuries or other types of vulnerabilities.  

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule made many sweeping changes to the healthcare world. One of the most significant was the requirement that all healthcare organizations – no matter their size – designate a privacy officer whose primary duty is to protect the confidentially and privacy of patients’ protected health information (PHI).

It is no secret that electronic health records (EHRs) are incredibly valuable. One needs to only look at the number of cyber attacks that target healthcare organizations as proof that those records contain extremely valuable patient information.

The healthcare industry is under siege.

Health data breaches of patient information have become all too common, with both external and insider threats trying to gain access to patients’ electronic health records (EHRs), and it does not appear that the number of attacks will ease up anytime soon. But this begs the question: Why are EHRs so vulnerable to attack? And why do criminals target them in the first place?

Patients most frequently interact with doctors, nurses, and allied health professionals, making it easy for them to forget about all of the other people that go into running a hospital. Among the many unseen activities that go on in healthcare, hospitals need teams managing patient data, submitting insurance billing, maintaining legal compliance in clinical trials, and ordering medical supplies, in order to properly operate. Compliance teams can work with patients to help them better understand how the healthcare organizations they visit monitor and protect their electronic protected health information (ePHI).