Data Privacy Day 2017: Value & Protect Your Personal Information

January 28 marked Data Privacy Day 2017, an international effort to promote awareness about respecting privacy, safeguarding data, and enabling trust. While they may have been hesitant initially, healthcare organizations have started to fully embrace cloud technology.

In fact, a recent survey by HIMSS Analytics found that 83% of healthcare organizations are currently using cloud-based applications. Furthermore, the cloud computing market in healthcare is expected to grow at a 20.5% compound annual growth rate to reach $9.48 billion by 2020.

According to the Office of Civil Rights, the top ten data healthcare breaches from 2015 alone resulted in over 111 million patient records being compromised. Even more recently, hackers infiltrated the World Anti-Doping Agency’s athlete database to expose private medical information concerning Serena Williams, Venus Williams and Simone Biles. According to IDC’s Health Insights group, 1 in 3 healthcare recipients will be the victim of a healthcare data breach this year. Today’s healthcare organizations are failing in the battle against cybercrime primarily because their IT teams are using an outdated arsenal of tools.

As of July 31, 2016, OCR had received over 137,770 HIPAA complaints and initiated over 885 compliance reviews. While it has resolved the vast majority of these cases, OCR still has over 5,000 open cases. These are just some of the noteworthy listings.

Entity Settlement Date Key Allegations
Care New England Health System (CNE)

Advocate Health Care Network

$400,000 +

$5,550,000

September 23, 2016

August 4, 2016

Business associate agreements not up to date

Policies and procedures lacking, Insufficient risk assessment, Lack of business associate agreements

University of Mississippi Medical Center $2,750,000 July 21, 2016 Policies and procedures lacking
Oregon Health & Science University $2,700,000 July 18, 2016 Policies and procedures lacking, Insufficient risk assessment, Lack of business associate agreements
Catholic Health Care Services of the Archdiocese of Philadelphia $650,000 June 29, 2016 Policies and procedures lacking, Insufficient risk assessment
New York Presbyterian Hospital $2,200,000 April 21, 2016 Disclosure of two patients’ PHI to film crews and staff during the filming of television series
Raleigh Orthopedic Clinic, P.A. $750,000 April 19, 2016 Lack of business associate agreements
Feinstein Institute for Medical Research $3,900,000 March 17, 2016 Policies and procedures lacking
North Memorial Health Care of Minnesota $1,550,000 March 16, 2016 Policies and procedures lacking, Insufficient risk assessment, Lack of business associate agreements

Contact Crossroads Technologies today to find out how we can help you be better protected.

Advertisements