When HIPAA violations do occur, practices need to enforce proper reporting procedures to make sure that the event is recorded and addressed correctly. Unfortunately, a breach could easily go unreported, reducing the chance that whatever situation caused it will be successfully corrected and avoided in the future.
In an interview with Health Info Security from May, Kate Borten of the security firm The Marblehead Group addressed some of the issues surrounding the increasing frequency of breaches in the healthcare industry.
One big problem she identifies is a lack of understanding regarding health information and what constitutes a breach in the first place. Even when they do, an employee could accidentally set the stage for a HIPAA violation by failing to communicate important access data to the right people internally. Education and proper policies make a very real difference in these cases.
"I suspect there are many more breaches occurring that aren't even recognized, and it has to be at the ground level, the individuals [recognizing the potential breach]," she says. "This isn't just manager training. This is workforcewide – recognizing what is an incident to be reported."
This isn't just a problem in the United States: an article in the Toronto Star recently focused on the many possible unreported medical data breaches in Canada that happen each year, which could be in the thousands. Nearly 220 instances of unreported breaches were discovered by the source in Toronto health centers alone.
Taking care of a HIPAA breach is a process with multiple steps, and affected practices need to follow the proper procedure from beginning to end for maximum effectiveness. HIPAA compliance services are available to make understanding proper behavior easier in the face of possible government penalties.