Protenus Q1 2018 Report Highlights the Problem of Insider Breaches in Healthcare

Protenus’ quarterly Breach Barometer report is a compilation of data breach information provided by Databreaches.net and the artificial intelligence platform developed by Protenus. That platform allows healthcare providers to track and analyze employee EHR activity.

This quarterly report gives an idea of the extent of insider HIPAA Rules violations and patient health information snooping. Insider breaches are a major problem in healthcare, but the greater concern is that many are never detected. Most insider breaches go on for months, and even years, before they are identified.

According to the Breach Barometer report for Q1 2018, 1,129,744 patient and health plan member records were viewed, exposed or stolen. More than one healthcare data breach occurred per day, with a total of 110 breaches reported for the first quarter.

Data breaches that affect more than 500 persons are announced publicly. Smaller data breaches are reported to the HHS’ Office for Civil Rights but are not announced publicly. According to the Protenus A.I. platform analysis, only one out of every 1,000 data breaches is disclosed to the public. Hence, many reported incidents of inappropriate access to medical records by healthcare employees never become known to the public.

Many healthcare employees snoop on the healthcare records of family members, co-workers or neighbors. Unauthorized access to family members’ health records makes up 77.10% of all reported insider snooping in Q1 2018. Unauthorized access to the health records of co-workers, neighbors and VIPs makes up the rest of the reported insider snooping.

Prompt detection of these insider breaches is important to avoid further privacy violations. According to Protenus’ data analyses, there is a 20% probability that a healthcare employee who has snooped once will snoop again within 3 months of the first incident. The probability of snooping again at least once in the next 12 months rises to 54%. Kira Caban, Protenus PR Director, said that the risk to healthcare organizations compounds over time when there’s no proper detection, reporting or education. Unfortunately, most healthcare organizations do not have the capability to detect unauthorized access to medical records and privacy violations promptly. The average time to identify a patient privacy breach is 244 days.
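The two detection problems the report describes, chart views with no treatment relationship (the general snooping case, including co-workers and neighbors) and views of family members' records (the 77.10% category), can be approximated from ordinary EHR audit logs. The following is an added example, not code from Protenus or from the report; the audit-log lines, the treatment-relationship table and the employee and patient directory entries are all constructed for illustration, and the field names are assumptions rather than any vendor's schema. It also counts repeat flags per employee, since the report shows that a first snooping incident predicts further ones within months.

```python
"""Minimal insider-snooping detector over constructed EHR audit-log lines.

Rules applied:
  * flag any chart view with no documented treatment relationship;
  * label the flag "household_match" when employee and patient share a
    surname and home address (a rough proxy for the family-member case);
  * report employees flagged more than once (repeat offenders).
All data here is constructed; nothing is from a real system.
"""
from collections import defaultdict
import csv
import io

# Constructed audit log (assumed CSV layout): who viewed which chart, and when.
AUDIT_LOG = """\
ts,user_id,patient_id,action
2018-01-03T09:12:00,u100,p501,view_chart
2018-01-03T09:40:00,u100,p777,view_chart
2018-01-05T14:02:00,u200,p777,view_chart
2018-02-10T11:15:00,u100,p777,view_chart
2018-02-11T08:30:00,u300,p901,view_chart
2018-02-12T10:00:00,u200,p501,view_chart
"""

# Constructed treatment relationships: (user_id, patient_id) pairs that have a
# documented care reason (assignment, referral, billing task, and so on).
TREATMENT_RELATIONSHIPS = {("u100", "p501"), ("u200", "p777"), ("u300", "p901")}

# Constructed directory data used by the household heuristic.
EMPLOYEES = {
    "u100": {"surname": "Nguyen", "address": "12 Elm St"},
    "u200": {"surname": "Patel", "address": "8 Oak Ave"},
    "u300": {"surname": "Lopez", "address": "3 Pine Rd"},
}
PATIENTS = {
    "p501": {"surname": "Smith", "address": "44 Main St"},
    "p777": {"surname": "Nguyen", "address": "12 Elm St"},
    "p901": {"surname": "Lopez", "address": "90 Lake Dr"},
}


def is_household_match(user_id, patient_id):
    """Family-member heuristic: same surname AND same home address."""
    emp = EMPLOYEES.get(user_id)
    pat = PATIENTS.get(patient_id)
    if not emp or not pat:
        return False
    return emp["surname"] == pat["surname"] and emp["address"] == pat["address"]


def detect_snooping(audit_log_text, relationships):
    """Return one alert dict per chart view that lacks a treatment relationship."""
    alerts = []
    for row in csv.DictReader(io.StringIO(audit_log_text)):
        if row["action"] != "view_chart":
            continue
        pair = (row["user_id"], row["patient_id"])
        if pair in relationships:
            continue  # documented care reason: not snooping under this rule
        reason = "household_match" if is_household_match(*pair) else "no_treatment_relationship"
        alerts.append({"ts": row["ts"], "user_id": pair[0], "patient_id": pair[1], "reason": reason})
    return alerts


def repeat_offenders(alerts, min_alerts=2):
    """Employees flagged at least min_alerts times; the recidivism the report warns about."""
    counts = defaultdict(int)
    for alert in alerts:
        counts[alert["user_id"]] += 1
    return {user: n for user, n in counts.items() if n >= min_alerts}


if __name__ == "__main__":
    found = detect_snooping(AUDIT_LOG, TREATMENT_RELATIONSHIPS)
    for alert in found:
        print(f"{alert['ts']} {alert['user_id']} -> {alert['patient_id']}: {alert['reason']}")
    print("repeat offenders:", repeat_offenders(found))
```

On the constructed log this flags employee u100 twice for viewing a household member's chart and employee u200 once for a view with no care relationship, so only u100 appears as a repeat offender. In a real deployment the relationship table would be derived from scheduling, order and billing systems, and the household heuristic would be one signal among several rather than a verdict on its own.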