This month, the Ponemon Institute released its Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, and its findings are generating a good deal of attention. In the past, the Study has found that most data breaches in healthcare organizations were caused by lost or stolen devices or by employee inattention, mistake or error. Publicized breaches involved improperly disposing of sensitive information or leaving a laptop or phone in the trunk or backseat of a taxi. To address these situations, healthcare organizations adopted “best practices” policies and procedures around employee education and awareness for devices, passwords and patient data.

According to the most recent Study, the cause of data breaches in healthcare organizations has shifted. Today, the primary cause is criminal attacks. The Study describes a criminal attack as a “deliberate attempt to gain unauthorized access to sensitive information.” This shift has occurred over time, with criminal attacks increasing 125% over the last five years. However, the Study suggests that the situation will get worse before it improves, because most organizations have not taken steps to safeguard patient data against criminal threats due to lack of money, attention or other resources. Moreover, because of the lack of resources, many organizations express real concern about even being able to detect data security incidents as they are occurring or after they have occurred.

The Study also found that data security incidents are on the rise in healthcare organizations, as they are in other industries.

Kathleen Porter

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies’ privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.