Businesses involved in any phase of the delivery of health care to Americans need to keep a close eye on their methods, procedures, and practices designed to implement and enforce IT security. The need for this was made all the more apparent this week as word emerged from the federal government that the total tally of health care breaches will soon pass the 20-million mark. The government has kept running statistics since September of 2009 and it has calculated that in less than three full years, more than 400 separate breaches have affected more than 19 million individuals.
The government's figures only include breaches that affected at least 500 people at a time. This means that data from very small health-related businesses may not be included at all, yet these businesses must still meet the regulatory and compliance burdens imposed upon them by state and federal mandates seeking to protect the data privacy of Americans receiving health care services. Data has been tracked since September of 2009 because that is when the official ‘breach notification rule’ mandated by the HITECH Act first took effect.
Interestingly, only about 7 percent of breaches have involved hacking intrusions, while a majority of incidents have involved the loss, through carelessness or theft, of electronic media or devices that contained unencrypted patient information. This statistic makes the importance of encryption clear. Small and medium-sized businesses can implement IT solutions such as encryption with the help of a managed programs staff that visits on a regular basis to install encryption programs and maintain them to ensure continuous and optimal performance.