The Ongoing Threat of a HIPAA Breach

It couldn’t happen to us.

I doubt anyone still feels that a HIPAA breach is impossible in their organization.  Results speak louder than words. 

A quick search reveals that every year there is a large number of breaches in the US. There is no doubt these organizations know the threat of HIPAA breaches and have taken some number of steps to protect against a breach, but there is always more that could have been done to reduce or eliminate the exposure. Even the smallest of violations of HIPAA can harm patients and tarnish trust, according to this article, “Small Violations of Medical Privacy Can Hurt Patients and Erode Trust” by Charles Ornstein at 

Our company is in the middle of a network audit. Threats evolve and the process of keeping our network safe is just that, an ongoing process. It’s a little discouraging to know that once the audit is done, the list of weaknesses prioritized and the highest priorities acted upon, we will still be at risk of breach. Every organization is always at risk.

I was curious to see what kinds of breaches have happened recently. I found the article “2015 Healthcare Security Breaches” in IT News that had a PowerPoint™ slide deck listing dozens of examples. Every example seemed to describe a different exposure. Internal threats. External threats. Simple mistakes. Stupid mistakes. Malicious intent. Malware. Ransomware. Curiosity. Data in motion. Data at rest. Paper. Images. Electronic documents. Email. They are all possible points of failure. The list of exposures is very long and the pain can be very great for both the organization and of course the patient.

The pain can be negative publicity or a nasty fine.  There will also be requirements to:

  • Remediate the current situation and address the future
  • Create a written plan to better assure safe handling of patient information
  • Prove the plan has been implemented
  • Audit to prove all the effort worked

This makes a strong case for being proactive. Extract delivers a number of solutions for automated document handling that include eliminating paper documents and removing sensitive information from valuable documents that are too important to delete from the database. This technology locates and redacts sensitive information, like credit card numbers or patient identifiers (names, addresses, patient ID numbers, phone numbers, etc.) so that even if the network were to be breached, the sensitive information no longer exists in the database and therefore can’t be stolen.

Trying to visualize what this looks like? Don’t worry, you can watch a quick video that explains everything.

About the Author: David Rasmussen

With 30 years’ experience leading software companies, David is driven by the challenge to consistently find groundbreaking ways to solve customer problems and finds it rewarding to hit the customer’s target and create a great team, build a solid infrastructure, and emerge with a strong value proposition.