Health care is not the only industry that leaks your personal health information (PHI), according to Verizon. Businesses in every industry collect health data on their employees. Whether it’s for wellness programs and employee benefits or workers’ compensation, there are many ways employers and businesses can get hold of your health data.
The problem is that most of these businesses do not fall under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and are not required to keep your PHI confidential. Some may even sell your data to interested third parties. So it’s not too surprising that many of the health data breaches that occur come from these non-health businesses, according to this revealing report from Verizon’s business division.
The Verizon report counted 1,900 data breaches that represent nearly 400 million stolen health records. And the actual number is probably much higher since many companies don’t report when a breach happens. Clearly, too many companies outside of health care don’t make PHI security a priority.
Interestingly, these data breaches aren’t always the result of sophisticated hackers. The cause turns out to be much more banal — lost and stolen laptops. Anyone who finds a laptop with an unencrypted database has access to all that data. And such laptops are remarkably hard to trace.
Even within the healthcare industry, reports have shown that 90% of hospitals have lost patients’ medical records. The U.S. Department of Health and Human Services Office for Civil Rights (OCR), which is in charge of enforcing the HIPAA Privacy Rule, says, “All too often we receive complaints of records being discarded or transferred in a manner that puts patient information at risk.”
In one incident in 2008, a retiring physician reported that Parkview Hospital dumped 71 cardboard boxes of former patients’ medical records “unattended and accessible to unauthorized persons on the driveway of the physician’s home, within 20 feet of the public road and a short distance away from a heavily trafficked public shopping venue.” Parkview was eventually dinged $800,000.
So make sure — no matter what your industry — to choose vendors that you trust and to train your people to protect health data. After all, a major health info breach could just be a lost laptop away.