When the HIPAA breach notification rule came to effect in September 2009, OCR started tracking breach incidents affecting 500 or more individuals. Since then, a huge number of security breaches have been added to the tally. The past month was the second in a row, which witnessed a high number of breaches adding up to the current tally.

The disturbing fact is that 79 breaches have occurred since the beginning of this year, affecting nearly 1.9 million individuals. It has been identified that the most common cause for data breach is the loss or theft of unencrypted storage devices. Nearly 53 percent of all the breaches that have occurred from September 2009 have resulted from loss/theft of storage media or devices.  This has been the cause for 11 breaches in the past month alone.

Over 21 percent of the major breaches have been attributed to Business Associates. This includes at least six cases which have been added in the recent weeks.

Unauthorized Access- A Growing Cause of Breaches

It is alarming to note that the largest breach incident added to the tally of breaches in the last month involved unauthorized access to records. The Memorial Healthcare System incident involved improper access to patient information through a web portal used by physicians. It was while reviewing the patient information systems that the improper access of an employee of an affiliated physician’s office was discovered. Although no medical records were changed or deleted, patients’ names, dates of birth, SSNs etc may have been put at risk. The entity however took immediate remedial action by contacting law enforcement and later notifying the patients about the incident as quickly as possible.

In a similar incident, federal authorities arrested a former Florida Hospital Celebration emergency department staffer who allegedly accessed 760,000 patient records and sold patient health information of over 12,000 accident victims.

How Can You Prevent Unauthorized Access?

Detailed access-audits of health records can come a long way in clamping down incidents of unauthorized access. St. Domini-Jackson Memorial Hospital in Mississippi, for instance, has been able to successfully bring down incidents of inappropriate access from 50 a month to less than two every couple of months, according to Dena Boggan, a HIPAA privacy/security officer. This has been possible because the hospital has adopted an access-monitoring system that provides alerts and daily reports on data access.

This clearly brings the need for an automated security monitoring and management solution to the forefront.  SecureGRC, for instance can provide the capability to audit user activity and automatically report it at the right time thus eliminating the possibility of data breaches.

The post More Breaches Added to Federal Tally appeared first on Aegify.