People have gotten so accustomed to hearing about and possibly being impacted by security breaches of their private information that often times very few pay any attention to the news stories about it or check to see if their information was part of the breach. These types of breaches feel impersonal, indiscriminate as to the individuals, simply looking for a way to gain financially from our information.
However, another more personal side to privacy breaches in healthcare exists that seldom even makes it into the news unless a famous person is involved. What I am referring to is when individuals who have access to patients’ information access it for their own curiosity or for other more nefarious reasons. This is when it becomes personal.
According to the 2015-2017 report to Congress, the number of breach reports affecting fewer than 500 individuals, which includes are as follows:
- 2015 – 57,608 reports affecting 623,597 individuals
- 2016 – 58,704 reports affecting 272,736 individuals
- 2017 – 60,322 reports affecting 270,329 individuals
In each of those years, the largest percentage of the reports came from healthcare providers (90-91%). Also notable is that 91-93% of the reports were due to unauthorized access or disclosure. Only 1-3% were due to hacking, with other causes including theft, loss, or improper disposal. Included in the numbers due to unauthorized access or disclosure are more specific causes, like giving discharge paperwork to the wrong person; emailing, mailing or otherwise disclosing patient information to the wrong patient; employees or other members of the workforce looking at patient information out of curiosity or to be able to tell others what is going on with a certain patient; employees or other members of the workforce talking about a patient to others who are not involved in the care of the patient.
As UMC strives to be a highly reliable organization, meaning to cause zero patient harm, remember that harm is caused when we fail to protect patient privacy. Patients rely on us, they trust us, to protect their privacy when they come to UMC for care. We owe it to them to deserve that trust. Let’s commit to making sure no UMC patients are included in the numbers reported to Congress for 2020 and beyond.
Lana Daniel, Chief Compliance Officer, 761-0984
Shauna Baughcum, Assistant Director, Corporate Compliance, 761-0986