Healthcare data breaches impact employers, benefits security

Given the past high-profile data security breaches at large retailers Target and Home Depot, legal officials maintain there may be more at stake for employers and benefit managers when lapses occur in healthcare provider systems.


Given the past high-profile data security breaches at large retailers Target and Home Depot, legal officials maintain there may be more at stake for employers and benefit managers when lapses occur in healthcare provider systems.

Over the summer, Community Health Systems, a large publicly-traded hospital company in Franklin, Tenn., disclosed in a Securities and Exchange Commission filing that it was the victim of criminal cyber-attack in April and June. Approximately 4.5 million individuals, who, in the last five years, received services from physicians affiliated with the company, were affected.

Noting that this information did include information that is protected under the Health Insurance Portability and Accountability Act, CHS says patient names, addresses, birthdates, telephone numbers and social security numbers may have been stolen in the attack. The hospital company, which operates 206 hospitals in 29 states, says it is in contact with authorities and will provide identity theft protection services to individuals affected.

Meanwhile, in a webinar last week, Michael E. Clark, special counsel at Duane Morris, said “the evolution of technology and the connectedness and vulnerabilities is quite dramatic.”

According to the Department of Health and Human Services’ annual report to Congress on breaches of unsecured protected health information, there were 150 reports of healthcare provider breaches that affected 500 or more individuals in 2012; this impacted approximately 1.5 million people. Breaches through business associates and health plans rounded out the top three.  

“The people that are doing the hacking understand that a healthcare record is far more valuable from them to a standpoint to be able to market than basically stealing from a financial institution and getting people’s Social Security numbers,” explains Charles E. Harrell, partner in Duane Morris’ Houston office. “An electronic record would have enough information that you could create a false identity pretty quickly.”

For employers, which administer healthcare coverage, payroll and other benefit systems, Harrell says “there’s a lot that we have to do.” According to the Employee Benefit Research Institute’s 2013 Consumer Engagement in Health Care Survey, 156 million individuals under age 65 had employment-based health benefits.

“Employers have to be particularly mindful of the fact that people are out there trying to steal information,” Harrell says. He recommends that companies utilize encryption software for protection of intellectual property and employee information is key.

“If you are not encrypting in today’s world, I think you’re behind the curve,” Harrell adds.

More for you

Loading data for hdm_tax_topic #reducing-cost...