Healthcare data breaches are increasingly common—that’s one of the stark conclusions from the Ponemon Institute’s sixth annual study on the state of security and privacy in the healthcare industry. Drawing on a detailed survey of healthcare organizations (HCOs) and their business associates (BA), the Ponemon study found that in the previous 24 months:
The sources of data breaches varied, but criminal actors, either inside or outside the HCO, played significant roles. When asked about the root cause of data breaches:
Criminals clearly understand the value of stolen medical records for perpetrating medical fraud and other forms of identity theft. Stolen medical records can be used to illicitly obtain prescriptions, medical equipment such as electric wheelchairs, and medical care worth thousands or even tens of thousands of dollars. Experian reports that the average incidence of medical fraud ends up costing the victim over $22,000. It’s not surprising therefore that, on the black market, a stolen medical record sells for 10 times the price of a stolen credit card.
Since medical fraud is so lucrative, HCOs and BAs should expect the attacks on medical files and billing records to continue.
The Importance of Data Security for Business Associates and Other Third Parties
This year’s Ponemon healthcare data survey was the first to include business associates as respondents. Broadening the focus of healthcare data security to include the business associates of healthcare organizations makes sense. In 2009, the Health Information Technology for Economic and Clinical Health Act (more commonly referred to as the HITECH Act) expanded the scope of the HIPAA Data Privacy Rule to cover an HCO’s business associates, such as third-party administrators, medical transcriptionists, law firms, CPA firms, and other parties providing services such as data analysis, practice analysis, and billing. Given the nature of their work, these organizations inevitably end up handling protected health information (PHI) like medical records, and unfortunately, their systems can be compromised. As a result, the HITECH Act requires these organizations to meet the same standards for data privacy and data security that apply to HCOs themselves.
HCOs seem to recognize the risks posed by BAs and other third parties. According to the Ponemon survey, about a third of HCOs believe that BAs are not vetted carefully enough, and about two thirds (61%) of HCOs are now paying more attention to the data security practices of the BAs they work with.
Solving the Problem of Data Breaches in Healthcare
To reduce the frequency and scope of data breaches, HCOs and their business associates need new data security and data governance solutions that work with their existing IT systems. Specifically, HCOs and BAs need:
The kiteworks Solution for Healthcare Data Security
kiteworks by Accellion is a secure file sharing platform that provides secure access to enterprise content sources, so that HCOs and BAs can share, send, sync, and edit files on any type of device, from any content store.
Designed to reduce the risk of data breaches while supporting compliance and collaboration, the kiteworks platform:
To learn how kiteworks is helping leading HCOs such as Kaiser Permanente, Seattle Children’s Hospital and Indiana University Health protect PHI while supporting collaboration, please visit our healthcare page.