HIPAA Security: Guard against exposure

A. A breach is an incident in which an individual name, plus a Social Security number, driver's license number or a medical or financial record, is potentially put at risk due to exposure. For firms in the medical industry, the cost for not protecting patient data is astronomical. According to the Office for Civil Rights, some $17 million in HIPPA (Health Insurance Portability and Accountability Act of 1996) violation settlements have been paid out in 2017 alone. Some of these settlements include:

•  $2.4 million - paid by Memorial Hermann Health System, a nonprofit health system in Texas

•  $2.5 million - paid by CardioNet, a wireless health services provider in Pennsylvania

•  $5.5 million - paid by Memorial Healthcare System, a nonprofit medical facilities operator in Florida

•  $387,000 - paid by St. Luke's-Roosevelt Hospital Center Inc. (formerly Spencer Cox Center), a provider of comprehensive health services to persons living with HIV or AIDS, in New York

 Breaches are up almost 30 percent from this time last year, and, what's more, the latest reporting from the Identity Theft Resource Center (ITRC) shows that of the 900 data breaches from January-August of 2017—associated with some 16 million records—more than 25 percent are within the healthcare/medical industry.

Penalties of this sort make the true cost of not protecting data clear to everyone. When fines can run into the millions, it can be fairly said that “an ounce of protection is worth a pound of cure,” especially when it comes to healthcare IT security.

Ebba Blitz is CEO of AlertSec. Reach her at ebba@alertsec.com.