Go Utah Go!
Utah Medicaid confirmed that on January 15, 2012, they had a data breach affecting 6,000 beneficiaries.
10 months earlier, data on 780,000 people was stolen from the same agency.
Then in November of 2012, Utah’s state insurance exchange was hacked with a “graffiti attack”.
Why do we hear mostly about these huge breaches?
That’s quite simple actually. Just like any disaster, those with large numbers make the news.
- A tornado that flattens 1 house is not news…
- An oil spill in a pond is not news…
- A car crash is not news.
- A tornado that flattens a town is news…
- An oil spill that affects an entire coast line is news…
- A multi-car pileup on the highway is news.
Similarly, when thousands of people are involved in a data breach vs. hundreds, we hear about the thousands.
I think this may actually be an issue as to why many medical offices just don’t take HIPAA very seriously. They look at the news and only see hospitals or large government facilities being hung out to dry for HIPAA violations.
The impression then is: Heck, they won’t come after little ol’ me…
The errors in that kind of thinking are many, and I won’t go through them here, but remember, just like failing to pay your taxes can close your practice…so can ignoring HIPAA.
Some more details on the most recent PHI data breach:
- A contractor’s employee lost a flash drive containing PHI on 6,000 people
- Did they have a Business Associate’s Agreement? They don’t say.
- How do you prevent something like this? It is extremely simple: Encrypt the thumb drive!