The 1996 Health Insurance Portability and Accountability Act, more popularly known as HIPAA, came into being with the purpose of making it easier to keep health insurance. Over the years, the scope of HIPAA has been expanded to prevent healthcare fraud and abuse and to increase administrative simplicity. As a result, the law regulates the disclosure of Protected Healthcare Information (PHI) held by “covered entities” (e.g. healthcare providers, employee-sponsored health plans, health insurers, business associates, etc.). Every covered entity needs to protect PHI in all forms, be it physical or electronic.
The key thing to note is that there is no safe harbor option in HIPAA: if PHI is being shared or transmitted, compliance with respect to security and unauthorized disclosure of the information is required.
At Kays Harbor Technologies, we did a detailed analysis of HIPAA data breaches that occurred in the first half of 2015. Interestingly, the majority of incidents happened due to underlying software glitches, as highlighted in the infographic below.
Infographic source: http://kaysharbor.com/blog/healthcare/hipaa-data-breaches-in-first-half-of-2015/