Login Register Subscribe
Current Issue

Stolen medical records not limited to health care organizations

Reprints

The issue of stolen medical records extends beyond the health care industry, affecting 18 out of 20 industries examined by Verizon Communications Inc. in a study issued Thursday.

And the insurance industry is a “prime example” of a sector that collects protected health information that is not directly related to health care.

The Verizon 2015 Protected Health Information Data Report is based on data from Verizon's Data Breach Investigations Report, which provides an analysis of private health information breaches involving more than 392 million records and 1,931 incidents across 25 countries.

The study found that while the vast majority of breaches are associated with health care organizations, all but two of the remaining 19 industries have had breaches associated with them as well. The exceptions are utilities and management firms.

The report states other industries beyond health care may collect protected health information through workers compensation claims and their wellness programs.

The information may also be obtained by companies through managing their employee health insurance programs, says the report.

“Whether they manage these programs directly (as self-insured entities) or they are getting information from the partner that handles this type of benefit, these can be sources of (protected health information) in organizations that are not covered” by the Health Insurance Portability and Accountability Act of 1996.

“Apart from employees, many organizations collect (protected health information) as part of doing business with their customers,” the study also says. “The insurance industry is a prime example, and one where we have seen some very large data disclosures recently. The fact that an organization is not in the health care industry, or isn't a HIPAA-covered entity, doesn't mean that it's not at risk of a (protected health information) data breach.”

“Many organizations are not doing enough to protect this highly sensitive and confidential data,” Suzanne Widup, senior analyst and lead author of the report, said in a statement. “This can lead to significant consequences impacting an individual and their family and increasing health care costs for governments, organizations and individuals. Protected health information is highly coveted by today's cybercriminals.”