I have always been an advocate of protecting one’s personal information and privacy and was personally pleased when the HIPAA standards came into being, as this raised the tide for all medical care providers to a common level of information protection. Indeed, doctors, dentists, insurers, health organizations, hospitals and clinics all moved to have their data handling and storage reviewed and certified as being HIPAA compliant.
Sadly, being compliant is not synonymous with being secure. According to the Privacy Rights Clearinghouse, there have been more than 87 separate data breaches made public from January 1 – June 10, 2011, which in aggregate affected more than 5,000,000 individuals’ records. Let’s look at the variety of ways patient data were compromised and how every one of these losses was avoidable.