Risk Management Education Series brought to you by Ankota and IronRisk Strategies, LLC
“In an insurance industry study, healthcare providers reported a 32% increase in the frequency of data breaches in 2011, and the average financial impact of a single breach was $2.2 million,” according to Lock Curtis, President of IronRisk, a risk management strategy consultancy based in Baltimore, Maryland (article attached).
Additionally, a recent Healthcare IT News report by Diana Manos, published under a partnership with HIMSS, stated that health data breaches increased 97% in 2011 compared to 2010 and affected more than 19 million individuals.
It’s not all bad news. While 96% of healthcare providers who participated in the study reported at least one data breach in the last two years, the majority of these were caused by employee errors and careless or sloppy actions. Still, a large number are caused by malicious attacks by those who would commit insurance or Medicare fraud. You need to address each of these risks.
What should healthcare providers do? “This is a perfect example of the types of risk that can be mitigated through a good strategic plan,” reports Curtis.
- Familiarize yourself with rules such as HIPAA and the HITECH Act’s data breach notification requirements.
- Develop a strategy to make sure that you and your staff are educated and trained regularly. Much can be done to prevent problems by training staff on how to protect information. Ignorance is no defense.
- Require technology partners to sign Business Associate Agreements and to provide you with formal documentation of their security practices. If they don't have it, don't do business with them. Contact Ankota for a copy of our Patient Privacy & Compliance Statement to see what one should look like.
- Understand what your current insurance coverage includes, and, perhaps more importantly, what is not covered. Consult with an expert like IronRisk, LLC to understand what options exist to address cyber liability. This is an insurable risk.
- Report a breach immediately and cooperate fully with authorities.
What should providers expect? As providers focus even greater efforts on managing Care Transitions to reduce avoidable readmissions and lower overall costs, models will get even more complex. Accountable Care models and Care Coordination initiatives will drive the demand to share more and more data among providers. The proliferation of mobile devices like smartphones and tablets is also raising the stakes on an already complex issue. These devices need not be a threat, and should bring immediate boosts to productivity.
Five Keys to Discovering Hidden Data Security Risks, Healthcare IT News
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, Department of Health & Human Services
Healthcare Data Breaches Up 97% in 2011, Healthcare IT News