Security Breaches: Surprising Fact of Employee Snooping
By Gil Vidals, HIPAA Blog

Secure your healthcare information so you’re not at risk for security breaches!

According to a recent privacy breach survey of healthcare providers – 70% of which admitted to having at least one security breach – 35% attributed the breach to unauthorized access by their own employees.

Take note of that stat: essentially, the survey found that the most common cause of HIPAA security breaches is actually small-scale snooping that goes on in-house, by a company’s own employees.

The results went on to reveal that 27% of breaches occurred when an employee viewed the medical records of friends and family and 35% when employees checked the medical records of their work colleagues.

Secure and Appropriate Collaboration

It goes without saying that collaboration among health professionals and their associates is essential. When teams can access and update vital records, including patient histories, X-rays, MRIs, and more, care can be administered more effectively. With HIPAA protocols in mind, health teams must be able to retrieve, share and edit electronic protected health information (ePHI) in a secure interface, without the threat of outside access by malicious actors – or inside snooping by employees.

Thankfully, there are user-friendly, secure, customizable file management solutions – such as HIPAA Drive by HIPAA Vault – that provide the in-transit and at-rest encryption necessary to ensure data protection, using a password-protected link, all while users work in different locations and even on different operating systems.

More than Technology

Yet even as the technology does its part, proper risk assessments should always be conducted to review how ePHI is created, used, stored and shared. A proper assessment will be followed by a risk analysis, ensuring that:

  • access controls are in place, with logins and data access being logged and checked regularly
  • careful analysis of all IT systems is conducted to determine if there are vulnerabilities and weaknesses that could lead to an unauthorized disclosure of PHI
  • reviews are done of how data is shared with Business Associates. Have they also conducted a similar risk assessment – overseen by your HIPAA Security Officer – to ensure that their file sharing practices are also HIPAA compliant?
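The "logged and checked regularly" item is where in-house snooping surfaces: a colleague's or a family member's chart opened by someone with no treatment relationship. As an added illustration (not code from this post or from HIPAA Vault), the Python routine below reviews constructed ePHI access events against an assumed care-team roster and a list of patients who are also employees; the log schema, roster, usernames and break-glass flag are all assumptions for the example.

```python
from collections import Counter

# Constructed sample ePHI access events (user, patient, break_glass).
# Schema and values are assumptions for this example, not a real EHR audit format.
ACCESS_LOG = [
    {"user": "nurse_a", "patient": "P100", "break_glass": False},
    {"user": "dr_c",    "patient": "P100", "break_glass": False},
    {"user": "clerk_d", "patient": "P200", "break_glass": False},  # colleague's chart
    {"user": "nurse_a", "patient": "P300", "break_glass": False},  # own chart
    {"user": "clerk_d", "patient": "P400", "break_glass": False},  # no relationship
    {"user": "dr_e",    "patient": "P400", "break_glass": True},   # emergency override
]
# Constructed care-team assignments: patient -> users with a treatment relationship.
CARE_TEAM = {"P100": {"nurse_a", "dr_c"}, "P200": {"dr_c"},
             "P300": {"dr_c"}, "P400": {"dr_c"}}
# Constructed mapping of patients who are also employees: patient -> their username.
STAFF_PATIENTS = {"P200": "billing_b", "P300": "nurse_a"}

def classify(event, care_team, staff_patients):
    """Return None for an expected access, otherwise a short reason for review."""
    user, patient = event["user"], event["patient"]
    if user in care_team.get(patient, set()):
        return None  # treating clinician: access is expected
    if staff_patients.get(patient) == user:
        reason = "own record"
    elif patient in staff_patients:
        reason = "colleague's record"
    else:
        reason = "no treatment relationship"
    if event.get("break_glass"):
        reason += " (break-glass override, verify justification)"
    return reason

def review_access_log(log, care_team=CARE_TEAM, staff_patients=STAFF_PATIENTS):
    """Return review findings as (user, patient, reason) tuples, in log order."""
    findings = []
    for ev in log:
        reason = classify(ev, care_team, staff_patients)
        if reason:
            findings.append((ev["user"], ev["patient"], reason))
    return findings

def repeat_offenders(findings, threshold=2):
    """Users with at least `threshold` flagged accesses, for priority follow-up."""
    counts = Counter(user for user, _, _ in findings)
    return {u: n for u, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    found = review_access_log(ACCESS_LOG)
    for user, patient, reason in found:
        print(f"{user} -> {patient}: {reason}")
    print("repeat:", repeat_offenders(found))
```

In practice the roster would come from the scheduling or admitting system, and every flagged row still needs a human reviewer, since legitimate consults happen outside the assigned team.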

The temptation for employees to cross HIPAA privacy rules is high. Training is essential, as are appropriate access controls that limit who can reach personal data. Combined with a HIPAA compliant file management solution, these measures can significantly limit unauthorized access to ePHI.

About HIPAA Vault:

HIPAA Vault is a leading provider of HIPAA compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities. Advanced security measures are needed to ensure HIPAA compliance, and customers trust HIPAA Vault to mitigate risk, actively monitor and protect their infrastructure and ensure that systems stay online at all times. www.hipaavault.com

Gil Vidals is the president and CTO of HIPAA Vault. He is a passionate subject matter expert on HIPAA compliance and the healthcare cloud, and co-host of the HIPAA Vault podcast. Since 1997, Gil’s mission has been to provide uncompromising and affordable HIPAA compliant hosting solutions to commercial and government clients, helping protect their sensitive health information from data breaches and security vulnerabilities. HIPAA Vault has been recognized as an Inc. 5000 company and a Clutch Top B2B company. He can be reached on LinkedIn.