The doctor-patient relationship has always involved a certain level of privacy. But over the years, the stakes for healthcare providers who violate patient privacy have increased exponentially. Barely two months into 2017 and already we are seeing increased activity.
According to a newly released report from Protenus, in conjunction with databreaches.net, January saw 31 healthcare data breaches disclosed, resulting in the exposure of 388,307 patient and health plan member records.
The largest healthcare data breach reported last month involved CoPilot Provider Support Services, Inc. and impacted 220,000 individuals. However, the breach actually occurred in October 2015, with CoPilot discovering the incident two months later in December 2015. The Department of Health and Human Services' Office for Civil Rights, however, was only notified of the breach in January 2017, well outside the 60-day deadline for reporting breaches.
According to the report, the average number of days between the breach occurring and the incident being reported to OCR was 174 days. It took an average of 123.5 days for healthcare organizations to discover a breach had occurred.
Those healthcare entities affected by data breaches are finding themselves having to pay significant penalties. Case in point, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), recently announced the first HIPAA settlement based on the untimely reporting of a breach of unsecured protected health information. Presence Health, one of the largest healthcare networks serving Illinois, agreed to settle potential violations of the HIPAA Breach Notification Rule by paying $475,000 and implementing a corrective action plan.