I’ve written extensively on HIPAA violations and data breaches, but mainly from a national perspective. But it’s time to bring it home and examine the current state of Michigan HIPAA violations, as we are not immune.
There have been at least 11 PHI data breaches since 2009, involving personal medical information for more than 118,000 people, according to the Detroit Free Press, with statistics sourced from the U.S. Department of Health and Human Services (HHS). The largest single incident is the Providence Hospital data loss case of February 2010, affecting almost 84,000 individuals.
The latest PHI mishandling incident to result in a class-action suit against the Henry Ford Health System, located right here in our backyard, exemplifies the seriousness of untrained and non-HIPAA-compliant contractors. The hospital has a history of breaches, including 3 separate breaches within the last few years. The latest incident, however, involves a Detroit woman’s medical record leaked online by a transcription service for the hospital. After sensitive information was exposed, including her condition, medical record number and name, she filed a lawsuit against the hospital.
According to the Detroit Free Press, covered entities and business associates alike have not been fined or penalized for data breaches thus far, but all of that may change as the federal audits sweep through the country and the HIPAA applicability rule is scheduled to include business associates under liability for compliance come March, as I wrote about in Business Associates Must Be HIPAA Compliant By March 2012.
The infamous Ponemon report on privacy and security shows that the top three causes for a data breach were lost or stolen devices, unintentional data release by contractors and unintentional employee mistakes. If covered entities and business associates alike could cut down on the amount of human error by training employees and raising HIPAA compliance awareness, these violations could be significantly reduced. This blog post also includes a roadmap to achieving HIPAA compliance that may be useful for covered entities and business associates alike.
Find more about HIPAA compliance in the related press releases, blog posts, e-tips and case studies in the HIPAA Compliant Resources section of our site. Read What is a HIPAA Violation? for tips on reducing your risk of a data breach.