We don’t have any hard numbers, but the feeling amongst our analysts is that accidental breach of PHI is likely by far the most common type. Accidental breach, you say? Just what is that?
An accidental breach should not be confused with a negligent breach, although the lines indeed blur. For instance, throwing a printout of a patient’s lab order in the trash instead of shredding it would be a negligent breach, even though the person who did so might say “It was an accident!”.
I was recently a speaker for a dental study club. The topic of my talk was “How they Hack” where we followed the path often used by hackers and criminals that results in a breach. After my time was done, the next portion of the study club was an overview of a case that several of the attending Dentists and Orthodontists had worked on together.
A PowerPoint ensued and many of the slides contained PHI! Had the study club been a completely closed session with only Dental Professionals, this would not have been an issue at all; however, there were both vendors and food service staff present in the room! This was technically an accidental breach.
Things like this will happen, and no regulation, policy, nor procedure will stop them 100%. So what can we do as both healthcare and technology specialists? Learn from our mistakes and ask questions. In particular, if there is any doubt, get a second opinion and set of eyes on any situation that involves or has the potential to involve patient data. Also, don’t sweat the “Little Stuff”; technology and security changes in the coming year will give us all plenty of “Big Stuff” to worry about.
In an ever-changing threat environment, how can we protect both PHI and other sensitive information? One method that is rarely used outside of large corporations is the art of deception. Utilizing deception as a tool for defense in the practice is easily done and costs little. One of the most commonly probed areas of your […]
Ransomware, that dreaded and feared sub-species of malware we all loathe. It’s been around a while now, and the days of single machine encryption and single Bitcoin payments are over. Yes, like some living, breathing and toothy beast, Ransomware has evolved.
Social Media Security, or lack of it, can be a major resource for hackers. Criminals that want your data (and money) are like water. When in motion they will take the path of least resistance. That is not to say hackers are lazy, but more to the point is that hackers and other information criminals […]
An often overlooked area in data security is Physical Security. In the eyes of the government auditor (or attorney), it does not matter if the patient’s ePHI is stolen by a group of extremely savvy Russian hackers, or someone walks into the practice and steals a laptop or backup device; in effect either is a […]
Nearly every practice that we have performed a Meaningful Use Risk Assessment for this year has had a frequently overlooked but common security issue. This vulnerability is so common sense, yet overlooked, and has the potential to cost the practice hundreds of thousands of dollars, not to mention complete loss of confidence by patients.
Cyber Security can make or break your business, so after you have had your security audit you will know where you need to improve to minimize the loss of data to your company. That is a great step to make. However, without cyber security training your staff about the dangers that are out […]
If you are a healthcare professional, you are already aware that meaningful use compliance requires something called a “Risk Assessment”. If your business is not healthcare based, you might find it surprising that a Risk Assessment can be just as crucial to your business as it is to those healthcare firms who are required to […]