Data Breaches in the News: Why Practices Should Pay Attention

September 13, 2011

While no practice can 100 percent guarantee against breaches like the ones that have made news in recent days, knowing which are the most common is an important part of prevention.

Last Thursday’s news of a data breach at Stanford Hospital has once again shed light on an ever-growing concern for practices. The incident was particularly alarming because it involved the compromise of data by one of the hospital’s vendor partners. 

To rehash the news reports, Stanford Hospital & Clinics in California confirmed that a medical privacy breach caused data on more than 20,000 of its patients to be publicly posted to a commercial website a year ago.

Specifically, a detailed spreadsheet that contained unencrypted information on patients during a six-month period in 2009 (including names, diagnosis codes, care dates, and billing charges) was discovered on a website that helps students with their schoolwork. It wasn’t until one year later, on Aug. 22, that a patient discovered the spreadsheet and reported it to the hospital.

While no practice can 100 percent guarantee against breaches, knowing which are the most common is a good preventative step practices can take.

According to HHS' “Annual Report to Congress on Breaches of Unsecured Protected Health Information,” 5.4 million people were affected by health-related data breaches in 2010. The biggest culprits were theft, loss of electronic media or paper records containing protected health information; unauthorized access to, use, or disclosure of protected health information; human error; and improper disposal. In 2010, in comparison to 2009, the number of individuals affected by the loss of electronic media or paper records was greater than the number affected by unauthorized access or human error.

Recently, we spoke to health IT experts on what practices can do to best arm themselves against these culprits. They gave us lots of advice on e-mail encryption and avoiding the use of shared usernames and passwords for patient files.

As a growing number of physicians adopt electronic health records, practices would be prudent to take these suggestions into account.

We’d like to hear from you. What are you doing to prevent data breaches?