May 2018 Data Breach Report
Written by Alexa Treubert
With MD Anderson being slapped with a massive $4.3 million dollar fine for violating the HIPAA Privacy Rule, the healthcare and IT communities were eagerly awaiting the release of May 2018’s data breach report. With April consisting of 41 reported incidents, people were hoping to see a decline in the amount of cases. Sure enough, 29 incidents occurred in the month of May; significantly less than those in April. However, this does not necessarily mean it was a better month.
It is important to examine the amount of data exposed in each reported case. They logged 894,874 exposed cases in April and 838,587 in May. When in comparison, that is not a big difference at all. It is shocking to compare April and May to March, with only 331,837 exposed records. This leads to many questions, the main being, what is the cause?
According to the HIPAA Journal, “Unauthorized access/disclosure incidents were the most numerous type of breach in May 2018 with 15 reported incidents (51.72%). There were 12 hacking/IT incidents reported (41.38%) and two theft incidents (6.9%).”
With such a large amount of HIPAA violations, practices should be encouraging education on HIPAA more than ever. Check out our HIPAA course catalog here for some of the topics that should be covered in order to be compliant. We highly recommend our 3 refresher courses, that remind your employees about the importance of HIPAA. Data Security – Refresher, Social Media – Refresher, and Privacy – Refresher.
Despite the Office of Civil Rights (OCR) wanting to crack down on HIPAA violations and noncompliance, like seen with MD Anderson, there have been no penalties for the 41 cases in May thus-far. Massive fines can result from non-compliant practices, despite there being no prosecution as of yet. The OCR can still prosecute any of the reported non-compliance practices at any time. If you are to take anything from the large amount of violations in April and May, it should be to ask yourself, are you HIPAA compliant?