Why Breaches Keep Occurring
Historically, healthcare data breaches have occurred because of technical issues or mistakes, such as data not being encrypted, insufficient firewalls and information being exposed unintentionally.
But a big threat now, because it can go unnoticed for an extended period and can compromise massive amounts of data, is hacking. Certainly, the incidence of hacking has gone up dramatically, says attorney Michael Sacopulos of Sacopulos Law Offices in Terre Haute, Ind.
Today, hackers specifically want patient information because the monetary value of a patient chart is many times more than a credit card, hell tell attendees during a session at the MGMA Conference, Oct. 26-29 in Las Vegas.
While hacking gets the headlines now, Sacopulos wants to remind stakeholders that an old menace to health data--insufficient protections by business associates--continues to cause more than half of breaches and too many practices--and regulators--are not ensuring that BAs are acting responsibly.
Another major vulnerability continues to be the lack of staff training on protecting health information, Sacopulos says. I see physicians and administrators being trained, but not boots-on-the-ground staff. There just is not enough training for people handling the bulk of protected health information.
Less than half of group practices have done staff training in the past two years, he contends, based on surveys he helped develop for several national associations. The person who meets the patient 90 percent of the time has no training on HIPAA.
Sacopulos also will present a decision tree to help providers determine which partners they need to have covered under a business associate agreement. It may help them to think of some of the relationships they have in place and whether protections are in place.
The session, Why Breaches Happen and How to Prevent Them, is scheduled at 10:15 a.m. on Oct. 28 in room N254.