Proliferating HIPAA complaints and medical record breaches

Share this article:
The number of complaints regarding violations of the U.S. Health Insurance Portability and Accountability Act (HIPAA) continue to increase each year in tandem with an increase in breaches of medical records, according to one security professional.

In addition, a growing number of these complaints are going unresolved.

The protected health information (PHI) security and privacy goals of HIPAA in spirit and intent are good, Herold, leader of the Realtime IT Compliance Community, told SCMagazineUS.com on Friday. The regulatory oversight of the U.S. Department of Health and Human Services (HSS), however, has been underwhelming, she said.

The statistics provided about Privacy Rule complaints clearly show the numbers increasing on an annual basis, she added. This is a result not only of the growing numbers of privacy breaches, but also of the public's growing awareness of the risks involved with PHI breaches, and the fact that covered entities clearly have a law requiring them to protect PHI, but it is a law that is not being enforced.

Over the past five years, there were over 32,000 reports of complaint about HIPAA to the Office of Civil Rights (OCR), Herold said. Approximately 25,500 of these have been resolved.

“It is also important to point out that the same four issues have been the top issues where complaints were received every single year,” said Herold.

Those issues are impermissible uses and disclosures, safeguards, access, and minimum necessary.

“These categories of vulnerabilities are significant contributors to privacy breaches,” she said.

The health care sector continues to be an industry that suffers from large numbers of data breaches, Doug Pollack, chief marketing officer of ID Experts told SCMagazineUS.com.

“This can be partially attributed to the essential need for access to confidential patient information on a real time basis by medical professionals,” he said. “While they may not correlate directly, it isn't surprising that there is an increase in both the number of data breaches and the number of HIPPA violation complaints. While there is no simple answer to substantially reducing the risks that lead to data  breaches in the medical community, a large number of breaches in healthcare are caused by loss or theft of physical files or laptops, and so more rigorous physical security policies and data encryption standards for laptops may be a very good place to start.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

NIST finalizes cloud computing roadmap

NIST finalizes cloud computing roadmap

The NIST architecture is designed to accelerate the adoption of cloud computing.

Chinese MitM attack targets iCloud users

Chinese MitM attack targets iCloud users

The attack used a false certificate to trick iCloud users into handing over personal data and login credentials. With an attack of this size, some experts and researchers believe the ...

EPIC: driver data shared via V2V technology needs protection

The groups shared comments on V2V communications with the National Highway Traffic Safety Administration.