Friday, May 25, 2012

One Year Later: Why Hasn’t Data Security Improved?

It has been almost a full year since we last wrote about a major breach in hospital patient data, but that doesn’t mean these events haven’t been happening. From 2010 to 2011, data breaches in the health industry increased by 32%, and analysts predict that number will increase again this year.

Another recent breach has been making headlines this week, and this case contains some very familiar elements.

A Boston Children’s Hospital employee apparently misplaced a company laptop while attending a conference in Buenos Aires. The laptop contained sensitive information on over 2,100 patients. Boston Children’s immediately contacted the families involved, and released an official announcement about the breach.

Two major facts stand out in the case, and they are points we have mentioned in the past.

1. The data was lost due to human error, not cyber crime.
2. Data on the laptop was not encrypted, but was protected only by a simple log-in password.

These are the same problems that have been plaguing health data security for the better part of a decade: poorly trained employees and lax security have led to another easily avoidable breach. Despite the efforts of CMS and HIPAA, nothing seems to make a dent in curbing these mistakes.

What do you think it will take to put an end to this kind of data breach? Are larger fines necessary? Is it simply a matter of internal training and structure?

Tell us your opinions in the comments below, and we’ll share your solutions in an upcoming response post!


Pam Argeris is a thought leader in the healthcare industry and possesses extensive, hands-on experience with CMS compliance and multiple regulatory bodies such as NCQA, JCAHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost-effective manner to improve beneficiary and prospect communications. You can contact Pam at
