Data breaches continue to be an issue for healthcare providers, as indicated when looking at breaches reported to the Office for Civil Rights (OCR), as required by HIPAA. In the first three months of 2018, there were 77 breaches of protected health information (PHI) reported to OCR, which included more than one million patient records.

In the first quarter of 2018, insiders continued to plague the healthcare industry as 59.74% of the reportable breaches were caused by unauthorized access/disclosure of PHI, loss of physical records and failure to properly dispose of PHI.

Physical records were the most common location of the records breached in the first quarter of 2018, which includes paper records and films. This statistic shows that healthcare providers are still grappling with securing paper records and other physical storage of PHI, as well as access to and removal of PHI through physical means.

The HIPAA Security Rule requires covered entities and business associates to develop and implement appropriate physical, technical and administrative measures to protect the integrity and confidentiality of PHI, which can be in both paper and electronic form, despite the fact that entities are transitioning to electronic medical records. This statistic is a reminder to pay attention to paper records, films, back-up tapes and other physical media where PHI is stored.