Even though the healthcare industry is more likely to suffer from a data breach than other sectors, a recent study found that fewer patients were severely impacted by a large-scale security issue in 2012 than in previous years.
Without a comprehensive disaster recovery plan that accounts for proper training for all medical facility employees, any organization of any size could be severely hindered by a data breach.
Redspin, a California-based IT security audit firm, found that in 2012, 146 total breaches impacting 500 or more individuals were reported, up from 121 in 2011. However, the number of patient records that were impacted was roughly 2.4 million, which is significantly fewer than the 10.6 million patient records impacted in 2011.
“We believe the privacy and security safeguards envisioned in the HITECH Act implemented and enforced by [the U.S. Department of Health and Human Services’ Office for Civil Rights], and recently codified in the HIPAA Omnibus Rule, are having a positive impact,” the report’s authors said. “Standing still is no longer an option.”
The authors added that the prospect of severe fines for institutions that do not remain HIPAA compliant is also playing a role in ensuring that organizations remain diligent in keeping information secure. Additionally, with bring-your-own-device (BYOD) trends becoming more popular, the amount of protected health information being taken from a laptop or other mobile device decreased only from 39 percent to 38 percent in that time frame.
The researchers expect medical facilities to continue to have issues with device security. While 18 months ago it was rarer for employees to transport data back and forth, BYOD is now commonplace.
While the authors added that strict enforcement of the law is likely to keep healthcare organizations in line, hospitals and medical facilities can greatly benefit from partnering with business continuity consultants. These professionals can help institutions create a thorough disaster recovery plan, so they can properly recover from a data breach.