Healthcare Data Breach Enforcements and Fines At A Glance

Healthcare Data Breach Enforcements and Fines At A Glance

The Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) is responsible for enforcing the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Enforcement of the Privacy Rule began on April 14, 2003, while enforcement of the Security Rule began on April 20, 2005. Furthermore, covered entities and business associates were required to comply with the HIPAA Breach Notification Rule beginning on September 23, 2009. ….

healthcare-data

Causes of Healthcare Data Breaches

Causes of Healthcare Data Breaches

Pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), covered entities (e.g. healthcare providers and health plans) must notify the Department of Health and Human Services (“HHS”) of breaches of unsecured protected health information (“PHI”).1 The information provided to HHS provides companies with a high level of insight concerning the types of breaches that occur in the healthcare industry.
The data collected by HHS concerning breaches affecting 500 or more individuals in 2015 shows that unauthorized access or disclosure, such as misdirected mailings, break-ins of physical premises, and employees accessing PHI that is not necessary for their duties, is the most common form of data breach in the health sector – surpassing theft of hardware, which was the leading cause for health data breach in 2014. …causes-of-healthcare-data-breaches