In February 2020, a woman walked into a Bakersfield, California, newsroom with a box of highly privileged information about thousands of Kern County patients. The records were taken by her ex-boyfriend, who had been a student in the Kerns Medical residency training program. The man also allegedly stole prescription pads and engaged in a relationship with a patient. Kerns Medical Facility entered damage control mode, stating that students were not permitted to take patient records home with them. But what safeguards were in place to stop a resident from stealing that confidential medical information?
When we hear about data breaches, we envision a hacker in a backroom using computer expertise to obtain personal information through hacking or phishing scams. Although that does happen (too often), a 2019 study revealed that the healthcare industry is particularly vulnerable to another type of data breach—by insiders. More than half of all data breaches in the healthcare industry are caused by employees, not nameless, faceless hackers.
How Common and Costly are Healthcare Data Breaches?
The healthcare industry is hit hard by data breaches. According to HIPAA Journal, in the decade between 2009 and 2019, there were 3,054 healthcare data breaches that each affected more than 500 patient records. Nearly 231 million people experienced loss, theft, and impermissible disclosure of their medical records. That's more than 69% of the U.S. population. In 2019 alone, an average of 1.4 data breaches per day were reported in the U.S.
The worst healthcare data breach in U.S. history happened in 2015. One breach exposed 78.8 million records, affecting patients with health plans through Anthem Inc. Total records exposed that year topped 113.7 million. 2019 saw a 37% increase in record breaches over 2018; 12.5% of the U.S. population had medical records stolen.
Data breaches result in two types of costs: costs to patients (stolen identities) and costs to healthcare providers for not stopping these breaches from happening. It costs patients an average of $1,343 to deal with the ramifications of identity theft. HIPAA violations create fines of anywhere between $100 and $50,000 for the healthcare provider.
The Importance of Preventing Data Breaches in the Healthcare Field
Patients share their home address, Social Security number, job title and employer, medical history, and prescription information with their healthcare providers and insurers. Much of this information is mined in an identity theft. But in 1996, the U.S. government passed the Health Insurance Portability and Accountability Act (HIPAA). New regulations required healthcare providers and insurers to protect patient records through electronic billing and digital transformation of records to better safeguard medical information.
Because of HIPAA, the industry has largely moved from paper medical records to electronic records. This provides the patient with easy access to their records, while making it more difficult for others to get their hands on the information. Unfortunately, about a quarter of U.S. patients are still wary about using patient portals to access their information online. They fear their information will be stolen or viewed by others. Given the high number of data breaches in recent years, their fears are understandable.
Preventing Breaches Improves Patient Outcomes
HIPAA instituted electronic health records to produce five key outcomes:
- Improving the quality, safety, and efficiency of healthcare with portable medical records. If doctors have patient medical history at their fingertips, they know which measures have already been applied, what medications the patient has been prescribed, and other pertinent details that impact patient care.
- Better patient engagement: When patients can access their information, update their files, and ensure that their medical history is accurate, errors go down and providers have a better picture of the patient's condition.
- Improving care coordination: Electronic records put everyone in the healthcare spectrum on the same page as files are shared digitally between providers without time lag or risk of lost documents.
- Improving overall health by aggregating disparate facts and reporting them to policy makers.
- Ensuring privacy and security of patient data through encryption and authenticated access.
How DRS Can Help Prevent Breaches
DRS helps healthcare companies prevent data breaches and meet HIPAA compliance while improving patient-centric care and reducing costs. We offer healthcare document management and warehousing, medical document scanning services, assistance with mandated information governance in healthcare, EHR access and information sharing, and data protection and confidentiality services.
Some of the many benefits our services provide include:
- DRS provides scanning services and facilities that are HIPAA compliant. Scanning paper medical records to electronic medical records guards against the security risks and costs involved with paper records.
- A digital workflow increases clinic efficiency. It also provides important security measures. Scanning paper records into digital format prevents accidental breaches by eliminating scattered pieces of data that contain personal information, and it makes records accessible only to authorized personnel.
- Document management software from DRS ensures that only authorized users have access to the material and provides a complete audit trail for all actions. Further protections, such as the restricted ability to share the documents, are also included.
- DRS Imaging provides management solutions that analyze and identify what data must be kept, how and where it is best stored, and which information can be safely discarded. We are able to safely sort through large backlogs of information and provide specific solutions for retaining and storing employee information. We also offer custom solutions for other departments, audits, contracts, and credentialing.
If your organization has not yet scanned paper medical records and developed a digital workflow in order to protect medical information and improve patient care, DRS can help. Contact us for more information about the services we provide.