A common scenario in email security breaches is seen when a billing service sends a bill to an incorrect email address. In most practice arrangements, a third-party billing company will have signed a business associate agreement. According to HIPAA, business associates must inform covered entities when they discover a security breach; however, HHS gives covered entities and business associates flexibility in defining, in the business associate agreements, how and when a business associate should notify the covered entity of a potential breach.1 Consider the following case. (Please note that the following case focuses on the clinic’s responsibility to analyze the risk and perform the breach notification, even though the breach was caused by a business entity.)
Learn More »Misdelivered Email Results in a HIPAA Data Breach
According to HHS data, more than a third of all data breaches reported through 2017 involved a laptop, desktop, or mobile device.1 Compare Cases One and Two, and consider how better security practices protected the covered entity in Case Two.
Learn More »Employee Voyeurism Leads to a HIPAA Data Breach
Employees access PHI for various illegitimate reasons. Including error and misuse, 71% of all cyber incidents in healthcare have an insider source1— the only industry that has more internal sources than external. Although the following case study involves only one patient, the covered entity was required to complete a data breach analysis and notify the patient and HHS.
Learn More »Creating mobile device policies can be tricky. Burdensome security policies and strategies that diminish productivity will most likely result in employee workarounds that defeat security efforts.1,2 Additionally, human error and criminal intent can defeat the best-intentioned employee laptop and storage device security strategies. Despite these difficulties, mobile device policies are a necessary part of a comprehensive information security program to prevent HIPAA data breaches.
Learn More »The healthcare industry experiences more data breaches (confirmed data disclosure) than any other industry in the United States, accounting for more than 24% of all breaches.1 In 2017, healthcare data breaches compromised more than 5 million healthcare records2 and cost providers an average of $380 per record — more than any other industry and 69% greater than the overall average.
Learn More »| | Next > |