Lessons not yet learned

For those readers who do not regularly read the companion breach site, DataBreaches.net, there have been five healthcare-related breaches reported in the past seven days. Two of the reports involved paper records and improper disposal. The other three incidents involved theft from business associates or third parties. In all three of the theft cases, the stolen data were not encrypted at the time of theft.

What will it take before HIPAA-covered entities get the message that they need better protection for both data at rest and data in transit?

If you are a HIPAA-covered entity, check — and double-check — what your contracts with business associates require in terms of security, and then don’t assume that they are living up to the terms of the contract.

To keep track of healthcare-related security and privacy breaches, check the Medical category on DataBreaches.net.

About the author: Dissent