Inside TDV - The Data Vault Blog
Top 5 HIPAA Data Security Risks
The insightful folks over at CloudTweaks.com have published a must-read article for anyone in healthcare IT and/or records management: It’s the Top 5 HIPAA Security Risks as Providers Migrate to the Cloud. The fact such a list exists illustrates the challenges IT professionals face with HIPAA data security requirements.
This interested us at The Data Vault because, unlike most cloud backup/data recovery providers, we are in the business of both paper records management and digital data backup and management. We have both feet in the HIPAA waters.
Anyway, we have to feel like CloudTweaks got it right. HIPAA and the HITECH Act are designed to ensure privacy and security, and it doesn’t matter to the federal government what information technology platform you use. As such, there will be breaches, be it digital data or paper. Here’s a condensed look at the list.
1. Theft of Laptops or Portable Devices
CloudTweaks points out that 44 percent of all digital breaches are from laptops, and 51 percent of all breaches are theft. It doesn’t require a hacker or a sleuth to break into a doctor’s car and steal his laptop. Yeah, leaving your laptop in the car doesn’t exactly meet those HIPAA data security regulations.
2. Paper Files
This is the next most common security breach when it comes to HIPAA. It’s easy to lose a piece of paper from a file, especially given the extensive nature of medical files. Time to consider a transition to EMR.
3. Unauthorized Access/Disclosure from Devices or Paper Files
After breaches involving paper files come mobile devices, laptops and computers. Most often, it involves a hospital or medical office worker not following protocol and giving out information they should not. That’s a HIPAA data security no-no.
4. Loss of Paper Files or Devices
Sometimes a file just disappears. It happens. Sometimes a device may even disappear, but more likely it’s going to be a file or folder of files on a device. You have to be HIPAA compliant in the event of the latter, and if you’re moving to the cloud, be sure you choose a provider that offers full security and compliance.
5. Hacking/IT Incidents
Surprisingly, this type of breach makes up only about 6 percent of all security breaches. Once again, if you’re considering migrating to cloud backup and data recovery, make sure you choose a provider that offers security from hackers.
I encourage you to read the full article, especially if you’re an IT professional in the healthcare field. Fascinating stuff, and let’s face it: HIPAA data security requirements aren’t going to relax anytime soon.