October 30, 2015
Fascinating FAQs… The healthcare IT world is bursting with distinctive terms, facts, acronyms, and labels. These can be quirky or downright funny, and they can be dead serious. Others seem so prosaic you’d think anyone would recognize them — but most people don’t have a clue. Nevertheless, these are HIT-related terms and facts that most healthcare professionals should understand, and don’t. That’s the rationale for our Fascinating FAQs series — FFAQs – only on Fridays.
Today’s FFAQ: What is healthcare’s “Wall of Shame” and why should you care?
Believe it or not — the “Wall of Shame” is a fixture in the Department of Health and Human Services that is required by law. It is displayed prominently on the HHS website, and its function is to list any and all healthcare organizations that have reported health information breaches affecting 500 or more individuals.
As of August 7, 2015, HHS had listed 1,282 breaches affecting a total of 143.3 million individuals since 2009. Every healthcare organization that experienced these breaches is named, and various details are provided.
The HITECH Act (section 13402(e)(4)) requires HHS to post this list of breaches of unsecured protected health information, widely known as its “Wall of Shame”; but HITECH did not come up with the unfortunate label. That just kinda…happened, and the name has stuck.
HHS’ name for the list is the Breach Portal. Displayed in an interactive, searchable format, the portal serves up all the juicy details — type of breach (e.g. theft, hacking, improper disposal), location (e.g. laptop, server, EMR), number of individuals affected, and more. It includes brief summaries of the breach cases that have been investigated and closed. You can go and dabble around with the list here.
HHS has posted the list since October 2009. Ironically, the first breach recorded was a government hospital, Brooke Army Medical Center in Texas.
The watchdog site Data Breach Today tracks and reports on these privacy and security breaches. It has determined that the top five data breaches in 2015 are as illustrated here, and together represent nearly 70% of all victims. The infamous Anthem breach announced in February leads the pack. Massive breaches, particularly hacker-related ones, are on a steep rise.
The latest data breach qualifying for the Wall of Shame is the North Carolina Department of Health and Human Services, which reported on October 17 that an unencrypted email sent to more than 1600 Medicaid patients may have compromised their confidential health information.
NOTE: the press follows the HHS list diligently, and loves to trumpet the latest and worst. This news has proven to be worrisome and unnerving to communities, especially patients. Showing up on the “Wall of Shame” is not a distinction your organization would ever want – or should ever be vulnerable to.
To discuss more about HIPAA / HITECH privacy and security, and how your organization is affected, please contact us.