
Analysis of Causes of Patient Data Breaches

By ThinkReliability Staff

When dealing with a seemingly overwhelming problem, care should be taken to ensure that resources are used most effectively by addressing the causes that have the biggest impact on the issue.  Take the case of HIPAA breaches of medical records.  Since February of 2010, 26.8 million individuals in the United States have been impacted by a data breach.  There are multiple potential causes that could result in these data breaches. So, where should efforts be directed to be most effective?

Looking at actual events and determining the probability of different types of failure can better direct your solutions, even if your organization hasn’t personally experienced a data breach. We do this in a proactive Cause Map, which looks at potential causes and – when data is available – determines the relative probability of each contributing cause. Luckily for us, this analysis has already been performed for data breaches reported to the HHS since February 2010. Here we use the breach analysis and graphs created by Software Advice, a medical software research resource, in a recent report on the subject.

The biggest cause of patient data record breaches is theft.  Theft accounts for at least 48% of breaches.  (There were also incidents described as combination, other or unknown, which may also involve theft.)   As an example, a health insurance provider lost nine server drives that included information for 1.9 million people, two years after a portable disk drive was stolen that included personal data for 1.5 million members.  (View our analysis of patient data breaches caused by theft in our previous blog.)

The next largest cause of patient data breaches is unauthorized access.  Unauthorized access is the cause of 18% of data breaches.  These types of breaches have the potential to result in employee action in addition to the other goals that are impacted.  These events may involve outside contractors, or “Business Associates” (BAs).  BAs are involved in 22% of incidents, but account for 48% of impacted individuals due to data loss.  An example of a patient data breach caused by an outside contractor is the case involving records of 20,000 patients, which were posted online by a contractor.  (View our analysis of this data breach in our previous blog.)

Loss accounts for 11% of patient data breaches. This includes the largest patient data breach from the time period covered, when a TRICARE BA (contractor) lost backup tapes, impacting the records of nearly 5 million patients. Improper disposal, such as when a shredding company abandoned the records of 277,000 patients in a public park, accounts for 5%. Hacking also occurred in 6% of breaches, such as when the servers at the Utah Department of Health were broken into and records for almost 800,000 people were stolen. (Remaining events are classified as a combination of the above, other, or unknown.)

The HIPAA Omnibus Rule clarified liability for Business Associates and subcontractors, which should serve to reduce their involvement in data breaches.  But for the events that don’t involve outside parties, how can these events be reduced?

Focusing on two of the most likely causes of breach – theft and loss – encryption can reduce the risk that data can be accessed if physical devices are stolen. Laptops account for 22% of breaches, and other portable devices account for 12%. However, encryption won’t help with paper records, which account for 23% of data breaches. In these cases, limiting access to records and preventing the removal of records from the storage site can help, as can moving from paper records to electronic health records, which accounted for only 2% of data breaches. However, the storage devices used for electronic health records, including laptops (as discussed above), network servers (10%), and computers (13%), are more likely to be involved. Because physical storage devices account for so many data breaches, whether or not electronic records are being used, cloud storage is worth consideration. Although hacking is still a concern, remember that it accounts for just 6% of breaches – as opposed to theft and loss, which make up nearly 60% of breaches.


Theft at Healthcare Facilities Puts Patient Data at Risk

By ThinkReliability Staff

There have been many reported cases of thefts at healthcare facilities that resulted in patient data being at risk. Loss of medical equipment or patient safety data is a big issue for the involved healthcare facility, and it’s all too common. More than half of healthcare facilities have reported at least one health data breach since 2009. It is estimated that 66% of reported breaches are due to theft. (For an example of a patient privacy breach not related to theft, read our previous blog.)

Some notable thefts: more than $1 million worth of equipment (including some that contained patient information) was stolen over a two-year period from a VA Hospital in Florida. A health insurance provider lost nine server drives, including patient and provider information for 1.9 million people. The theft was not reported until two months later and followed a theft two years prior of a portable disk drive which contained personal data for 1.5 million members. We can look at the issue of theft of equipment in a proactive root cause analysis performed as a Cause Map, which allows us to visually map causes that could result in impacts to the goals.

In this case, there is the risk of impact to the patient safety goal if patient medical records are impacted.  The loss of property can be considered an impact to employees, the organization, and the property goal.  The loss of patient data can be considered an impact to the patient services and compliance goal (as compliance with privacy regulations may be affected).  In this case, we look specifically at loss of equipment and data due to theft.

Beginning with the impacted goals, we can ask “Why” questions to add detail to the Cause Map. Loss of property can result from theft, and insufficient inventory records can contribute. (This was noted in the case of the VA loss.) Theft can occur within or outside a healthcare facility. Within a facility, property can be stolen by either employees or non-employees. If it is determined that property was only accessed by employees, more intense background checks may be in order. In either case, security needs to be considered. The levels of security depend on the type of facility, type of property and data contained in various spaces, and various other factors, and should be considered for each facility individually.

Property that is stolen outside the facility is generally stolen from an employee who works off-site or has taken data off-site, and insufficiently protects the data.  If employees are allowed to have sensitive information or expensive equipment off-site, sufficient precautions must be taken, which are also dependent on the sensitivity of data, value of property, and needs of the facility.


Medical Information from 20,000 Patients Posted Online

By ThinkReliability Staff

Unfortunately, privacy of health records has become an increasingly frustrating issue.  The Department of Health and Human Services revealed that records for 11 million people were potentially made public for over two years.  A recent medical records privacy breach has made the news for the length of time the records were publicly exposed.

A hospital in California recently notified 20,000 patients that their data had been published on a commercial website from September 9, 2010 to August 23, 2011. The published data was discovered by a patient and had been used to demonstrate how to turn data into a bar graph. This particular data had been given to an outside contractor for billing purposes. Although it did not contain information usually used for identity theft – such as social security numbers – it did include names and diagnosis codes, meaning that extremely personal information was included.

We can examine this issue in a Cause Map, or visual root cause analysis.  A Cause Map begins with the impacts to an organization’s goals and uses the principles of cause-and-effect to examine the causes that contributed to these impacts.  Any breach of patient privacy can be considered an impact to the patient services goals.  In fact, health care organizations may choose to add a new goal category of “Patient Privacy”.  (This is shown on the  downloadable PDF.  To view, click “Download PDF” above.)  In addition to the impacted patient services and patient privacy goals, the hospital was fined $250,000 (the maximum) by the California Department of Public Health and provided identity protection services to the affected patients.  Given the astonishingly large numbers of medical records accidentally made public, this is an issue to which all healthcare facilities should be paying attention.

The exact way the data made it onto a public website (which provided homework assistance) is not known, but the data had been provided to an outside contractor used for billing purposes. The contractor is no longer being used by the hospital, and some privacy experts say that better confidentiality agreements are needed by hospitals that provide patient information to outside contractors. What is particularly disturbing about this case is that the data remained online for nearly a year – and was discovered by a patient. However, there does not seem to be a practical way for individual organizations to monitor the internet for misplaced patient data. Instead, focus should be on ensuring better protection upfront for medical data, in an attempt to limit breaches of patient privacy.

To view the Outline and Cause Map, please click “Download PDF” above.  Or view the New York Times article to learn more.