I always wanted to write, 'In the USA Today, today.' In the Life section snapshots sidebar there is an interesting stat from a December 2012 Ponemon Institute study of 80 health care organizations showing that the data lost or stolen most often are our medical records at 48% and billing/insurance records at 48%, followed by payment details at 24%. Multiple responses were allowed, which is why the percentages break 100. What is more alarming is that over the last two years, 94% of health care organizations have been breached at least once and 45% have had 5 or more incidents! What is sad is that over half (54%) have little or no confidence that they can detect patient data loss.
I know many of us often delay or avoid the doctor for fear that we might get diagnosed with something terrible, but maybe now we'll avoid it with the notion, 'eh, I'm healthy and I don't want to be afflicted with identity theft disease.' Ask your doctor about ITD - common side effects include increased heart rate, depression, headaches, loss of appetite and, in some patients, bank account drainage. Why risk it? Heck, the last time my wife went to her now previous doctor and asked her about how she complies with HIPAA, the doctor didn't even know what that was! How can that be? How can a practicing physician be unaware of HIPAA? That's like a bank unaware of PCI or the numerous other financial regulatory requirements. But is it 'unaware' or 'just don't care'?
The primary causes of health care data breaches include lost or stolen devices along with employee or third-party mistakes, and the organizations only learned of the breach because of an audit. Because data gets moved around amongst various parties for multiple reasons, it is often hard to determine who leaked it and where.
Suggestions include appointing senior security roles reporting to the board, securing mobile devices, using encryption, developing breach plans that are ready and tested, education and, as more health care organizations turn to the cloud, understanding and controlling that risk - whatever it may be.
Oh, and have a seat, we'll be with you in a moment.