In a recent article published by sfaxme.com, author Ashleigh Brown discusses important discoveries in data breaches caused by the use of emailed personal data. The article noted that since the August 2009 Breach Notification Rule came into existence, it has been clear to everyone just how frequently healthcare and patient data is compromised across the nation. That rule requires HIPAA-covered organizations to notify patients or their next of kin of any security breach involving 500 patients or more within 5-60 days after the discovery of the breach; the deadline varies with the state in which the breach occurred.

One such breach, which recently occurred at the Regional Medical Center in Memphis, Tennessee, was discussed in the article. In that instance, three unsecured emails containing names, account numbers, phone numbers, physical therapy data, dates of birth and even social security numbers for almost 1200 patients were sent in Autumn 2012.

However, the breach was not discovered until March 2013. Whilst there is no reason to suspect that the data was accessed by anyone outside of the Medical Center, the fact remains that there was a severe breach of security that could have resulted in a huge amount of damage. Any innocent mistake such as this can easily lead to serious consequences. Safeguards need to be in place to prevent this kind of data breach from happening.

Another example of compromised patient confidentiality occurred in December 2012 and February 2013 at Hope Hospice in Texas. A member of staff emailed a report of patient referrals and admissions to themselves on two separate occasions without any form of security. 818 patients were affected by this breach, and their names, insurance information, referral information, clinical chart data, county and date of discharge were all compromised. Regardless of the intention of the staff member or the result of the breach, using email for sensitive, personal, private data is simply not acceptable.

Since August 2009, HHS data shows that 214,000 individuals have had their data reported compromised in Texas, and 1.2 million in Tennessee. That is almost 1/5 of the entire population of the state of Tennessee! Nationwide, 21 million individual patients have had their data reported as compromised by their healthcare providers. Because the Breach Notification Rule does not require that breaches involving fewer than 500 patients be reported, some estimate that the actual number of patients affected across the US may be closer to 40-45 million.

Clearly the current systems are failing, and something needs to be done to change the status quo.

Ms. Brown goes on to discuss the following: “We believe this is where we come in. SecureCare is dedicated to protecting sensitive information. We blend innovative ideas and cloud technology to exceed HIPAA regulations. All our team members are HIPAA trained. By leveraging the highest levels of security and establishing new ways to securely exchange documents, users have easy to use, high performance solutions that remove the temptation to send data by unsecured channels. Plus, they get a full document audit trail. By working together, we can ensure that organizations avoid the severe penalties resulting from these breaches and associated damaging effects.”

~      ~     ~

It is important to understand how easily data can be breached and to safeguard electronic transactions (such as email) that contain sensitive information. It is the responsibility of the company or individual transmitting the email to take due care in protecting the information contained therein. -KIS