
Assessment: Breaches in the Healthcare

The purpose of this paper is to analyze the data provided by the “U.S. Department of Health and Human Services Office for Civil Rights” to review breaches of unsecured health information. This report evaluates the breach type, the name and type of each covered entity, the number of individuals affected, the location of the breached information, and the breach submission date.

Covered Entity Type Where Breaches are Reported

The top three covered entity types where breaches have been reported are health plans, business associates, and healthcare providers. Among these, “healthcare providers” are the top covered entity type, with almost 59 breaches reported (18 in 2023 and 41 in 2022), involving breach types that include hacking and unauthorized access.

States Where Breaches are Reported

The states most affected by the breaches are Los Angeles, Texas, and Wisconsin in 2023, and Texas, Missouri, Los Angeles, Oklahoma, Illinois, Michigan, Indiana, West Virginia, California, and Pennsylvania in 2022.

Type of Breach Reported

The data and information related to patients’ health were compromised due to the hacking of servers, accessing electronic records by unauthorized personnel, incorrect email addresses, and theft or loss of computer systems (U.S. Department of Health & Human Services – Office for Civil Rights, n.d.).

Number of Individuals Affected

Breaches reported by the top entity type, “healthcare providers,” affected the most people: approximately 883,047 individuals in 2023 and 3,971,376 individuals in 2022. The entity type “business associates” reported 74,574 individuals affected in 2023 and approximately 1,206,554 in 2022. Lastly, “health plan” breaches affected 11,378 individuals in 2023 and 71,192 in 2022.

Type of Breach and Month/Year When Breaches were Reported

The breach type “Hacking/IT Incident” in the “Network Server” location was reported most often: approximately 40 times in 2022 and 15 times in 2023. Secondly, “Hacking/IT Incident” in the Email location was reported 5 times in 2023 and 13 times in 2022. “Unauthorized access/Disclosure” occurred in the Email location only once in 2023 and 6 times in 2022, and in the Electronic Medical Records location 4 times in 2023 and 5 times in 2022. In a nutshell, the month in which hacking of Network Servers occurred most was November 2022, with 877,584 individuals affected in Michigan. The month in which the most Hacking/IT incidents in the Email location were reported was January 2023, with 193,942 individuals affected in North Carolina. Lastly, the month in which the most breaches of the type “unauthorized access in Electronic Medical Record” were reported was January 2023, with 134,000 individuals affected in Wisconsin.
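The tallies above can be reproduced from a breach-portal CSV export with a short script. The following is an added example, not part of the original paper: the rows are constructed, and the column names are assumed to match the fields the paper lists.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample rows (not real portal records). Column names are assumed
# to match the fields the paper lists.
SAMPLE_CSV = """Name of Covered Entity,State,Covered Entity Type,Individuals Affected,Breach Submission Date,Type of Breach,Location of Breached Information
Example Clinic A,MI,Healthcare Provider,1200,11/14/2022,Hacking/IT Incident,Network Server
Example Clinic B,TX,Healthcare Provider,800,11/30/2022,Hacking/IT Incident,"Email, Network Server"
Example Billing Co,WI,Business Associate,500,01/09/2023,Unauthorized Access/Disclosure,Electronic Medical Record
Example Plan C,NC,Health Plan,,01/12/2023,Hacking/IT Incident,Email
Example Clinic D,TX,Healthcare Provider,"2,500",12/02/2022,Hacking/IT Incident,Network Server
"""

def parse_rows(text):
    """Yield normalised records; one report may name several locations."""
    for row in csv.DictReader(io.StringIO(text)):
        raw = (row["Individuals Affected"] or "").replace(",", "").strip()
        when = datetime.strptime(row["Breach Submission Date"].strip(), "%m/%d/%Y")
        yield {
            "entity_type": row["Covered Entity Type"].strip(),
            "breach_type": row["Type of Breach"].strip(),
            "locations": [p.strip() for p in row["Location of Breached Information"].split(",") if p.strip()],
            "affected": int(raw) if raw.isdigit() else 0,  # blank count treated as 0
            "year": when.year,
            "month": when.strftime("%Y-%m"),
        }

def summarise(text):
    by_type_loc_year = Counter()    # (breach type, location, year) -> reports
    affected_by_entity = Counter()  # (entity type, year) -> individuals
    monthly = defaultdict(Counter)  # (breach type, location) -> month -> individuals
    for r in parse_rows(text):
        affected_by_entity[(r["entity_type"], r["year"])] += r["affected"]
        for loc in r["locations"]:  # a multi-location report counts once per location
            by_type_loc_year[(r["breach_type"], loc, r["year"])] += 1
            monthly[(r["breach_type"], loc)][r["month"]] += r["affected"]
    peak = {k: c.most_common(1)[0] for k, c in monthly.items()}
    return by_type_loc_year, affected_by_entity, peak

if __name__ == "__main__":
    counts, affected, peak = summarise(SAMPLE_CSV)
    for key, n in sorted(counts.items()):
        print(key, n)
    print(dict(affected))
    print(peak)
```

Because a report that lists two locations is counted under each, the per-location report counts can sum to more than the number of reports; the per-entity totals of individuals affected are not double-counted.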

Summary and Trends Compliant with Healthcare Organizations

Business associates are the firms that bear the utmost responsibility for handling and protecting health information, as they are responsible for data safety in the organization. Business associates include medical billing businesses, hosting companies, health care coding outfits, and shredding services; the information they handle needs to be stored safely, and corrective actions are mandatory for ensuring safety checks (Smith, 2016). The breaches that occurred in the business associate entity type, including breaches in network servers, email, and electronic medical records, suggest a trend: business associates need rules, policies, and protocols for how each patient’s information is handled and stored in the health plan. Furthermore, health plans need to ensure that patient information is stored safely and appropriately. Employees need to know the appropriate procedure for collecting, handling, and storing certain information, and should also know how to limit access so that only authorized personnel can access it (Wikina, 2014).

In conclusion, the evaluation of the data provided by the Office for Civil Rights on the Breach Portal shows that a policy should be put into effect requiring data security, stewardship, and training for employees who work with sensitive organizational data and patients’ information (Arain et al., 2019).


Arain, M. A., Tarraf, R., & Ahmad, A. (2019). Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization. Journal of Multidisciplinary Healthcare, 12, 73.

Smith, T. T. (2016). Examining data privacy breaches in healthcare. Walden University.

U.S. Department of Health & Human Services—Office for Civil Rights. (n.d.). Retrieved January 20, 2023, from

Wikina, S. B. (2014). What caused the breach? An examination of use of information technology and health data breaches. Perspectives in Health Information Management, 11(Fall).


