In short: Health data breaches as reported in accordance with HIPAA and the Health Information Technology for Economic and Clinical Health Act appear to be on the rise, according to a recent study published in the Journal of the American Medical Association. The study notes that while only around 199 breaches occurred in 2010, that number climbed nearly 73 percent to 344 breaches in 2017. Most of those breaches weren’t digital in nature, but those that were accounted for the overwhelming majority of records accessed or stolen. Although only around 19 percent of breaches occurring over the seven-year span involved network servers or email, those accounted for 79 percent of records breached. Similarly, although health care providers saw the biggest leap in breaches, the majority of the records in question stemmed from ‘health plans’ – defined by HIPAA as individual or group ‘plans’ that provide or pay the cost of medical care. Those saw a total of 110.4 million breached records in 2017 alone.
Background: Breaches of data security aren’t at all a new trend and have recently become hot-button issues for various technology companies and other entities. Facebook, for example, has faced scrutiny across multiple governments in the wake of its failure to prevent Cambridge Analytica from collecting and sharing private user data. Meanwhile, Google has also been in the news much more recently due to apparent missteps in handling its own users’ data and misleading or unsatisfactory explanations regarding the use of features that collect that data. However, medical records tend to hold a lot of information on patients that, in many cases, would not otherwise be found by breaking into or bypassing the security measures of a company such as Facebook or even Google. They can include, for example, a user’s birthdate, blood type, Social Security number, other identifying information, and more. That can lead not only to problems with identity fraud but also to privacy concerns, issues associated with phishing scams, and more.
Impact: Meanwhile, big data and global tech giants such as Google already have projects well underway that would see databases of medical records and associated information shared between hospitals and health care providers. Presumably, at least some of that would also be shared with those entities defined by HIPAA and other laws as “health plans.” Given that healthcare wearables may enter into that equation at some point, bringing location data and other health metrics in real time to medical records, the problems outlined in the study could actually get much worse. One obvious part of a possible solution will be the inclusion of strong security practices among companies creating the new healthcare technologies. However, responsibility for that burden will also fall on those taking part in manufacturing the IoT associated with healthcare and enterprise systems.