This afternoon, I received word that Veriphyr, a provider of SaaS Identity and Access Intelligence services, announced the results of a new survey on Protected Health Information (PHI) privacy breaches. According to the report:
More than 70 percent of the organizations in the study have suffered one or more breaches of PHI within the last 12 months. …
Insiders were responsible for the majority of breaches, with 35 percent snooping into medical records of fellow employees and 27 percent accessing records of friends and relatives.
Some interesting statistics:
Top breaches in the past 12 months by type:
- Snooping into medical records of fellow employees (35%)
- Snooping into records of friends and relatives (27%)
- Loss/theft of physical records (25%)
- Loss/theft of equipment holding PHI (20%)
When a breach occurred, it was detected in:
- One to three days (30%)
- One week (12%)
- Two to four weeks (17%)
Once a breach was detected, it was resolved in:
- One to three days (16%)
- One week (18%)
- Two to four weeks (25%)
79% of respondents were “somewhat concerned” or “very concerned” that their existing controls do not enable timely detection of breaches of PHI.
52% stated they did not have adequate tools for monitoring inappropriate access to PHI.
The report’s conclusion was not surprising:
Respondents who indicated strong satisfaction with their monitoring tools also tended to report fewer breaches of PHI and faster resolution times. The reverse is also true: respondents who indicated dissatisfaction with their monitoring tools tended to report more breaches and longer resolution times.
- Cautiously trust, but verify the internal folks. They are the biggest breach threat.
- Do you want to tackle and solve your privacy breach problems? Good tools really do help.