Nearly 8.3 Million Individuals Impacted by 249 Privacy and Security Breaches Reported by HHS; More Training on Safeguarding PHI Required

The HHS Office for Civil Rights (OCR), which is responsible for privacy and security enforcement under the Health Insurance Portability and Accountability Act (HIPAA) and HITECH Act provisions that strengthened privacy and security enforcement, is required to post those breaches on its Web site. As of March 17, 2011, OCR had posted on its Web site 249 breaches, reported by covered entities, that had impacted 8,289,236 individuals. With regard to the 177 privacy and security breaches involving electronic PHI, 104, or approximately 59%, involved laptops and portable electronic devices (PEDs)—not otherwise identified. All but 4 of these reported breaches of laptops and PEDs involved theft or loss.

These breaches should not be occurring! Covered entities and business associates should be encrypting their electronic PHI on portable and mobile devices. Clearly, they should be emphasizing safeguard policies and procedures such as encryption of electronic PHI, and initiating a meaningful training program for workforce members on “awareness and understanding” of and abiding by those policies and procedures.