According to a February 12, 2019 Press Release from Protenus, a developer of analytics for patient privacy monitoring and compliance, 15,085,302 patient records were breached in 2018 – a startling number made even more startling by the fact that the number of breached patient records in 2018 is three times greater than the number of records breached in 2017.
As evidenced by the Protenus data and information reported by the U.S. Department of Health and Human Services (“DHHS”), Office of Civil Rights (“OCR”), a growing number of these breaches relate to third-party hacking, ransomware, and related malware incidents (collectively, “Hacking/IT Incidents”). As such, the OCR data shines a bright light on the obvious difficulties facing healthcare entities (“Covered Entities”) covered by the security and confidentiality requirements applicable to protected health information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 and 45 CFR Parts 160 and 164, as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”) (collectively referred to hereinafter as “HIPAA”).
The following examines representative HIPAA settlements and rulings from 2018, and considers the 2018 breach statistics and the growing security risk associated with Hacking/IT Incidents.