The Greatest HIPAA Risk for Your Medical Practice? You.
April 19, 2019 |
Articles
In this technology-driven age, there are constantly new threats to the efficacy of your medical practice’s HIPAA compliance program. Cloud-based storage, medical device software, and ransomware are some of the latest and greatest advances causing compliance headaches.
But the biggest threat to your medical practice’s HIPAA compliance efforts is tried and true and you need to look no further than in the mirror or down the hall to find it. It’s you. And it’s your partners, your clinical staff, and your administrative staff members.
Yes, insider breaches account for the majority of healthcare data breaches and security incidents. According to Verizon’s 2018 Data Breach Investigation Report, insiders precipitate 56% of healthcare data breaches, making the healthcare industry the only industry where internal threats are greater than external threats. [1]
This shouldn’t be that surprising. People – your people – are the common thread underlying and running through the myriad of risks posed to the security and privacy of your practice’s health information.
But the data is surprising.
- 71% of healthcare data incidents are caused by errors, misuse, social attacks, and physical breaches.[2] Insiders lie at the heart of each of these types of breaches. Errors are generally inadvertent and can include situations like leaving a message on the wrong patient’s voicemail, misplacing patient files, or losing a cellphone, laptop or portable storage device. Misuse includes disclosing patient information to others, sharing login credentials with co-workers, posting patient photos or information on social media, and accessing patient records inappropriately. Social attacks generally involve outsiders engaging in phishing and pretexting against insiders. These social engineering tricks often easily fool insiders. Physical breaches usually involve theft or misplacement of electronic devices, equipment or files as a result of insider carelessness, negligence or mistake.
- Errors and misuse (whether inadvertent or intentional) are the top two insider threats.[3] Errors are more common than malware or hacking incidents. Abuse of access privileges is the leading type of misuse.[4] The 2018 first quarter Protenus Breach Barometer Report indicates that an employee who misuses his or her access privileges has a 20% chance of repeating the misuse within the following 3 months and a 54% chance of repeating the misuse within the following 12 months.
Financial gain motivated 40% of insiders’ misuse of health information.[5]Some insiders purposefully steal patient information to sell on the black market or as leverage in case they are
Related Content
Press Releases
Partners Anoush Koroghlian-Scott and Lauren A. Suttell Present at the 2023 New York State Bar Association Health Law Section Fall Meeting
October 26, 2023
Press Releases
Upstate New York Super Lawyers 2023 Honors 45 Lippes Mathias Attorneys
August 29, 2023
Client Alerts
DEA Extends Prescriber Telemedicine Flexibilities for Additional Six Months
May 10, 2023
Client Alerts
New Disclosure and Notice Requirements for New York Physician Practice Transactions
May 4, 2023
