Patients see media reports about hacking incidents at hospitals, doctors’ offices and other healthcare organizations and rightly worry about the safety of their personal information. The recent global ransomware incident that affected the National Health Service in the UK and others was only the latest in a string of malware attacks perpetrated against healthcare organizations worldwide.
As a matter of fact, the Department of Health and Human Services reported that WannaCry ransomware still threatens our nation’s hospitals, and that two large multi-state hospital delivery systems “are continuing to face significant challenges to operations.”
Patients have an ally in the fight to protect their privacy and personal data: The Health Insurance Portability and Accountability Act — HIPAA — provides robust privacy standards to govern the handling of sensitive patient data. It functions as a Patient Bill of Rights, but unfortunately, most patients don’t realize that, and too many healthcare organizations don’t meet their HIPAA obligations.
Because too few providers fully understand their obligations under HIPAA, and too few patients act on the protections it offers, patient data is at grave risk. The Identity Theft Center patients. Nearly 60 percent of the reported breaches happened at a healthcare organization.