02-28-12 | Blog Post
I’ve written extensively on HIPAA violations and data breaches, but mainly from a national perspective. But it’s time to bring it home and examine the current state of Michigan HIPAA violations, as we are not immune.
With at least 11 PHI data breaches since 2009, these cases involved personal medical information for more than 118,000 people according to the Detroit Free Press with statistics sourced from the U.S. Department of Health and Human Services (HHS). The largest single incident affecting the most individuals is the Providence Hospital data loss case of February 2010, affecting almost 84,000 individuals.
The latest PHI mishandling incident to result in a class-action suit against the Henry Ford Health System, located right here in our backyard, exemplifies the seriousness of untrained and non-HIPAA compliant contractors. The hospital has a history of breaches, including 3 separate breaches within the last few years. However, the latest incident involves a Detroit woman’s medical record leaked online by a transcription service for the hospital. With sensitive information exposed concerning her condition, medical record number and her name, she has subsequently filed a lawsuit against the hospital.
According to the Detroit Free Press, covered entities and business associates alike have not been fined or penalized for data breaches thus far, but all of that may change as the federal audits sweep through the country and the HIPAA applicability rule is schedule to include business associates under liability for compliance come March, as I wrote about in Business Associates Must Be HIPAA Compliant By March 2012.
The infamous Ponemon report on privacy and security shows that the top three causes for a data breach were lost or stolen devices, unintentional data release by contractors and unintentional employee mistakes. If covered entities and business associates alike could cut down on the amount of human error by training employees and raising HIPAA compliance awareness, these violations could be significantly reduced. This blog post also includes a roadmap to achieving HIPAA compliance that may be useful for covered entities and business associates alike.
Find more about HIPAA compliance in our related press releases, blog posts, e-tips and case studies in our HIPAA Compliant Resources section of our site. Read What is a HIPAA Violation? for tips on reducing your risk of a data breach.