January 28 marked Data Privacy Day 2017, an international effort to promote awareness about respecting privacy, safeguarding data, and enabling trust. While they may have been hesitant initially, healthcare organizations have started to fully embrace cloud technology. In fact, a recent survey by HIMSS Analytics found that 83% of healthcare organizations are currently using cloud-based applications. Furthermore, the cloud computing market in healthcare is expected to grow at a 20.5% compound annual growth rate to reach $9.48 billion by 2020.
According to the Office of Civil Rights (OCR), the top ten healthcare data breaches from 2015 alone resulted in over 111 million patient records being compromised. Just this week, hackers infiltrated the World Anti-Doping Agency’s athlete database to expose private medical information concerning Serena Williams, Venus Williams and Simone Biles. According to IDC’s Health Insights group, 1 in 3 healthcare recipients will be the victim of a data breach this year. Today’s healthcare organizations are failing in the battle against cybercrime primarily because their IT teams are using an outdated arsenal of tools.
As of July 31, 2016, OCR had received over 137,770 HIPAA complaints and initiated over 885 compliance reviews. While it has resolved the vast majority of these cases, OCR still has over 5,000 open cases. The settlements listed below are just some of the noteworthy ones.
| Entity | Settlement | Date | Key Allegations |
|---|---|---|---|
| Care New England Health System (CNE) | $400,000 | September 23, 2016 | Business associate agreements not up to date |
| Advocate Health Care Network | $5,550,000 | August 4, 2016 | Policies and procedures lacking, Insufficient risk assessment, Lack of business associate agreements |
| University of Mississippi Medical Center | $2,750,000 | July 21, 2016 | Policies and procedures lacking |
| Oregon Health & Science University | $2,700,000 | July 18, 2016 | Policies and procedures lacking, Insufficient risk assessment, Lack of business associate agreements |
| Catholic Health Care Services of the Archdiocese of Philadelphia | $650,000 | June 29, 2016 | Policies and procedures lacking, Insufficient risk assessment |
| New York Presbyterian Hospital | $2,200,000 | April 21, 2016 | Disclosure of two patients’ PHI to film crews and staff during the filming of television series |
| Raleigh Orthopedic Clinic, P.A. | $750,000 | April 19, 2016 | Lack of business associate agreements |
| Feinstein Institute for Medical Research | $3,900,000 | March 17, 2016 | Policies and procedures lacking |
| North Memorial Health Care of Minnesota | $1,550,000 | March 16, 2016 | Policies and procedures lacking, Insufficient risk assessment, Lack of business associate agreements |
Contact Crossroads Technologies today to find out how we can help you be better protected.