Section 13402(e)(4) of the HITECH Act requires that all healthcare breaches impacting 500 or more individuals must be posted by the Secretary. We visited the US Department of Health and Human Services Office for Civil Rights’ Breach Portal and gathered data from the August 2018 – November 2018 reports* to give you a quick glimpse into the world of PHI data breaches and HIPAA violations. We’ve also put together a list of what you can do to prevent these breaches and how we can help.
Not all breaches are the result of a malicious hacker, sometimes it’s just a simple mistake such as sending a file to the wrong person.
The faster a data breach can be identified and contained, the lower the damages and costs. According to the Ponemon Institute’s Cost of a Data Breach Study, the mean time to identify a breach across all industries was 197 days, and the mean time to contain was 69 days. Healthcare companies had the longest number of days to contain at 103.
These breaches are putting millions of patients’ information at risk; and when you consider that the average cost per record is $148, the numbers are even more astounding.
Of the 123 reported breaches, across 35 different states and Washington DC, the largest proportion of breaches were in two states. California accounted for 7.3% of the breaches while Texas accounted for 15.4%.
HIPAA violation fines vary between $100 per violation/record to up to $50k per violation/record. The fine is determined by the perceived level of negligence for each violation. There is a maximum penalty of $1.5M/year for each violation. Criminal charges, although rare, have also occurred.
What you can do
Most IT companies know nothing about HIPAA compliance:
We do. By partnering with HIPAA experts, ADKtechs provides peace of mind for even the most compliance-driven industries. Here’s what we offer:
*Reports are dynamic. The information in this blog is accurate as of the date it was written.