Arizona saw nearly 80,000 patient records breached in the first half of 2019 alone. Despite everything health care professionals do to lock up patient information, some experts say data safety is in crisis.
In the future, more people will likely get all the information they need when they need it. But more points of access can make it harder to tell a breach from business as usual.
Consider the basic idea of patient data security from the U.S. Department of Health & Human Services (HHS):
So, a data breach is simply an impermissible use of protected information. It is the wrongful use of data by the wrong person.
In health care, the data might include your health history, Social Security number, contact information and payment information. It can also be information that undermines security itself, including the organization’s passwords, procedures and tools for preventing future breaches.
What if a trustworthy but unauthorized person accidentally saw the private data? Or what if someone accidentally put it on the web without a password for a while, but nobody seemed to visit the website during that time?
The rule at HHS is that the event is a breach. But if the business shows it is unlikely that any harm was done, HHS can change its mind. Showing this could involve a mix of factors:
The HHS may not assume it was a breach in situations such as:
The business must notify the affected customers, the media and HHS within 60 days after it discovers the breach.