November 2016 was the worst month for healthcare data breaches since records started to be kept by the Department of Health and Human Services’ Office for Civil Rights (OCR), the body vested with the power to enforce HIPAA. In November, 57 breaches were reported, which amounts to almost two breaches per day.
November’s total was 35% higher than August 2016 (the previous highest month) and 60% higher than October 2016. This raises the question: are there actually this many more breaches, or are healthcare entities just becoming more effective at identifying and reporting them?
That question remains to be answered, but what we do know is that 54.4% of the November breaches were caused by “insiders” (those who worked for the healthcare organization that was breached), 17 breaches were accidental (those are the ones that good HIPAA awareness and training programs may be able to reduce) and 14 were the result of malicious actions by employees with access to PHI (an issue for HR and management).
Being aware of the types of breaches that happen and training yourself and your employees on proper procedures and preventive techniques is the first step in making sure the next breach doesn’t happen at your organization. If you have any questions about HIPAA training, please feel free to get in touch.