According to the U.S. Department of Health & Human Services’ Breach Portal, sometimes called the “Wall of Shame,” 418 breaches of HIPAA were reported in 2019. Some 34.9 million Americans had their protected health information (PHI) compromised. How is this still happening?
Healthcare companies and practices make the biggest mistake by believing human behavior can be perfect all the time. … [R]esulting from this assumption about human behavior, healthcare providers cheap out and refuse to pay for sufficient security measures for their network. A cheap security system may not contain proper firewalls and leave devices vulnerable, while wholly unencrypted devices can be a nightmare. Healthcare employees leave their cell phones, laptops, or iPads in their vehicles while they run out for coffee or to the grocery. And what happens next? The vehicles are broken into, and PHI is at risk.
I think there is another erroneous assumption that employers make: they assume their business model will continue to be the same.
It is so easy when putting a deal together, to come up with workflows and policies that make the deal compliant. But as time goes on, the business model shifts, even slightly, in a way that makes the previously workflow and policy no longer compliant.
As a result, as part of their ongoing Compliance Program, Covered Entities should routinely audit their HIPAA Privacy and Security standards to ensure they are evolving with their business.
Source: Ways your Healthcare Company is Breaking the Law — Without Realizing it