A data breach that involves medical records or sensitive health information can create serious problems for those affected.
Patients whose records or health information have been compromised can face issues such as identity theft, insurance policy penalties, medical malpractice, and breaches of contract.
Healthcare providers are expected to follow a set of standards under HIPAA to prevent these types of medical data breaches from occurring.
It’s important to understand how a HIPAA data breach can occur, how to spot common vulnerabilities, and what legal options you have in the case of a HIPAA breach.
Understanding HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was established in 1996 as federal law, setting forth security standards for healthcare providers and handlers of medical records or patient health information (PHI).
According to the CDC, entities covered under this law include:
- Healthcare providers, regardless of size, from hospitals to small dental offices.
- Health plans such as those from insurance providers.
- Healthcare clearinghouses that handle patient health information and medical data.
- Business associates or individuals who work with or around patient health information.
Since medical data is held in a variety of formats and handled by many different entities, the standards of HIPAA serve as guidelines.
In other words, these entities must use their best judgement and put forth reasonable effort to comply with the following guidelines:
- Patient health information and medical records must be kept confidential and only accessible to the patient, medical practitioner, or permitted parties that are specified or also in compliance.
- An active effort must be made to anticipate threats to the security or confidentiality of patient information or healthcare records.
- Strict permissions and guidelines must be put in place to prevent unlawful disclosure of patient information.
- The workforce must be certified and trained in handling patient data under HIPAA compliance standards.
Vulnerabilities that Lead to a HIPAA Breach
When people think of data breaches, the image that comes to mind typically involves computer hacking or stolen passwords.
However, while there are technical vulnerabilities that can lead to a HIPAA data breach, there are many human errors that can cause the same violations.
Here are some scenarios that might cause sensitive patient information to be leaked or illegally accessed:
- Poor password habits: A password that is improperly stored, for example in a plaintext document like a spreadsheet or on sticky notes, is a common vector for HIPAA data breaches. Poor habits and a lack of a secure password policy can also lead to passwords that are predictable and easy to guess.
- Unencrypted transmission of PHI: Emails are among the most compromised data channels across many industries. There are extra layers of encryption that any healthcare provider should implement when sending any attached health records that include sensitive patient information.
- Outdated technology: Old software and computers lack the modern security updates of more recent platforms and are more susceptible to data breaches. A dental office that still uses a server from 2003 or Windows XP operating systems, for example, is likely violating HIPAA guidelines by refusing or delaying upgrades to secure platforms.
- Unsecured networks: When you enter a hospital or doctor’s office, you probably connect to a guest Wi-Fi network while waiting in the lobby. It’s important that this network is kept separate from the staff network, where sensitive patient information is handled and could otherwise be easily breached.
- Faulty permission settings: Patient databases and other types of healthcare software are built upon the concept of permissions. A receptionist’s account should not have the ability to create prescriptions, for example, or view or download certain types of patient data that only doctors have access to. If a healthcare office is sharing permissions or not setting the right parameters, HIPAA violations can occur due to the unrestricted levels of access.
These are just a few ways patient data can be mishandled in violation of HIPAA standards.
Clearly, some cases are a result of hacks and intentional harm, while many more are a result of carelessness and insecure handling of patient information.
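The permission problem described above can be checked for routinely. The following is an added example, not part of the original article: a short Python audit that compares each account's granted permissions against a least-privilege baseline for its role and flags logins shared by more than one person. The role names, permission names, account names and badge IDs are all constructed for illustration.

```python
from collections import defaultdict

# Least-privilege baseline: the most each role may hold (hypothetical permission names).
BASELINE = {
    "receptionist": {"schedule:write", "demographics:read"},
    "nurse": {"schedule:read", "demographics:read", "chart:read", "vitals:write"},
    "physician": {"demographics:read", "chart:read", "chart:write", "prescription:create"},
}

# Constructed account export: (account, role, granted permissions).
ACCOUNTS = [
    ("frontdesk1", "receptionist", {"schedule:write", "demographics:read", "prescription:create"}),
    ("rn_lopez", "nurse", {"schedule:read", "chart:read", "vitals:write"}),
    ("dr_shah", "physician", {"chart:read", "chart:write", "prescription:create"}),
    ("temp_admin", "contractor", {"chart:read"}),
]

# Constructed login records: (account, workstation, badge of the person at the keyboard).
LOGINS = [
    ("frontdesk1", "ws-lobby", "B100"),
    ("frontdesk1", "ws-lobby", "B117"),
    ("rn_lopez", "ws-ward2", "B204"),
    ("dr_shah", "ws-exam1", "B301"),
]

def excess_permissions(accounts, baseline):
    """Return {account: sorted permissions beyond the role's baseline}.
    An unknown role has an empty baseline, so everything it holds is flagged."""
    findings = {}
    for account, role, granted in accounts:
        extra = granted - baseline.get(role, set())
        if extra:
            findings[account] = sorted(extra)
    return findings

def shared_accounts(logins):
    """Return {account: sorted badges} for accounts used by more than one person."""
    users = defaultdict(set)
    for account, _workstation, badge in logins:
        users[account].add(badge)
    return {a: sorted(b) for a, b in users.items() if len(b) > 1}

if __name__ == "__main__":
    print(excess_permissions(ACCOUNTS, BASELINE))
    print(shared_accounts(LOGINS))
```

Treating an unrecognized role as having no allowed permissions means a forgotten contractor or test account is reported rather than silently passed.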
HIPAA Breach Lawsuits
The serious nature of patient health information and how it should be handled can lead to cases that involve data breach lawsuits.
HIPAA breaches might lead to scenarios where affected patients are harmed due to the compromised information.
For example, if a healthcare provider sends too much information to an insurance provider, this oversharing of data can lead to a costly insurance penalty for the affected patient.
Contact a Medical Data Breach Legal Professional
If you believe your health information or other sensitive data has been compromised in a HIPAA breach or other type of data breach, you may be entitled to compensation.
The attorneys at Anderson + Wanca are experienced in handling investigations, legal claims, and class action lawsuits involving medical data security and healthcare cyber-attacks.
If you were the victim of a data breach or have received a HIPAA breach notification, contact Anderson + Wanca at (855) 827-2329 or use our contact form to receive a free consultation from our experienced data security attorneys.