Keywords: healthcare data breaches, electronic health records, digital recordkeeping, protected health information, PHI
Previous analyses done in 2013-2014 of the HHS database for data breaches affecting 500 or more individuals found that roughly 75% of breaches were due to theft and loss of items such as desktop computers, paper records, laptops and removable storage devices like CDs, USBs, and films. In comparison, hacking and IT incidents accounted for only about 7%. In other words, although it is unlikely that any method of managing protected health information (PHI) will ever be 100% safe, in 2014 it looked like online methods of practice management were substantially safer than more traditional methods. However, given that so many more healthcare professionals are using digital methodologies now, it seemed timely to explore whether those conclusions still hold true today. An analysis of the same HHS database in August 2020 found that, in fact, trends have reversed markedly and that hacking and IT incidents now account for 87% of the reported breaches. Email and Network Servers were the major culprits, with Network Server breaches accounting for 67% of the breaches and Email 23%. All other Type of Breach categories, including those that were at the top of the list in 2014, contributed only negligible amounts. Possible explanations as well as suggestions for reducing these risks are explored.