California Medical Data Breach Report Highlights Healthcare Access Management Concerns

David Ting
Feb 03, 2012

Late last year, California enacted a new state law to help notify patients of potential breaches of their personally identifiable health information, requiring healthcare organizations to report suspected incidents of data breaches. The initial results are in, and it’s not pretty. According to the Journal of the American Health Information Management Association, California officials have received more than 800 reports of potential health data breaches in the first five months since the laws went into effect on January 1st. Of the 122 cases that have been investigated, 116 have been confirmed as security breaches. Officials expect the numbers to grow as more organizations put in the processes to report potential breaches.

While the majority of the breaches are being called “unintentional” breaches, the intentions behind the unauthorized access of patient information matters little. Seemingly innocuous activities, such as password sharing, present significant data security challenges for healthcare organizations that put them, and their patient’s private information, at risk.

These initial reports demonstrate that access management is still a priority concern for healthcare organizations to prevent unauthorized access to patient records – whether intentional or not. Tying a user’s identity to access via strong authentication, such as proximity cards and biometric fingerprints, can have a profound effect on overall enterprise security and help prevent organizations from becoming another one of the statistics cited in the next report. Are these numbers an accurate reflection of the state of security in the healthcare industry? Do you think that the numbers will decrease as organizations get a handle on the processes to prevent or report breaches? Email me and let me know.