By Katie Wike, contributing writer
A Redspin report finds PHI data breaches rose by 25 percent in 2014 and affected the records of nearly nine million patients.
A recently released report from Redspin shows PHI data breaches increased 25 percent from 2013 to 2014. Health IT Security reports that, just since the HITECH Act went into effect in 2009, 40 million patients have suffered a breach of their records. Even worse, this statistic does not include the 80 million that could have been compromised in the recent Anthem breach.
“From here on, all PHI breach statistics are going to have to be reported as ‘pre- or post-Anthem,’” said Daniel W. Berger, President and CEO of Redspin, in a press release. “It's that big. We wouldn't be surprised to see the costs of the Anthem breach exceed a billion dollars.”
The report summarizes its findings as follows:
“Whether due to insider threat, snooping, or negligence, reducing unauthorized access can only be prevented by a comprehensive security program – not a once a year risk assessment but an integrated program of policies, controls, technical safeguards, organizational accountability, enforcement, training, and leadership,” Redspin stated.
The report concludes that providers must have comprehensive preventative measures in place to prevent breaches, and that these measures must keep evolving because the technology used to surpass them will also evolve.
“HIPAA security risk assessments are only the tip of the iceberg, particularly for the providers who resist the idea that this scope of work needs to be technical,” the report notes. “It is not possible to adequately assess security risk without identifying real vulnerabilities and developing (and implementing) a remediation plan to address them.”