/ Blog/ Could a Data Breach Constitute Medical Malpractice?
How secure is your health care information? That’s a question a lot of people have been asking as more and more patient data is being stored electronically, and as more and more health insurers and others who manage patient records have seen their information systems attacked.
Massive amounts of confidential data – patient records as well as in some cases associated financial information – have been stolen. One industry assessment noted that reported breaches for 2015 add up to more than 112 million stolen medical and healthcare records. Equally startling might be the fact that medical and healthcare accounted for two-thirds of all stolen records in 2015.
Indiana isn’t immune from health care data breaches. In 2015 nine incidents were reported, up from five the year before. More troubling is the amount of records affected by those breaches: in 2014, only 69,000 records were involved; last year, that number jumped to 4.3 million. The huge increase reflects, in part, the increased capability of hackers. But it’s also a function of the continuing migration of more and more patient information into larger and larger information systems. When records were stored on paper, they were difficult to access and cumbersome to copy or steal in quantity. Digitized records that are fully accessible online are a great advance in patient care. They allow all healthcare professionals quick access to the same information, improving diagnosis and quality of care while at the same time reducing some risks, such as dangerous medical interactions when physicians are unaware of existing prescriptions.
But these gains have come with a price. Once someone gains illicit access to the system, it can be much easier to take records, and to take large amounts of records. The theft of more than 78 million patient records at Indianapolis-based Anthem was, in fact, the largest single US cybersecurity breach reported in 2015. Five more of the year’s “Top 10” involved medical data.
There are two items that can be considered “the good news” when it comes to healthcare information security. One is that as part of HIPAA, a law that covers electronic medical records confidentiality and accessibility, misuse of medical information is a crime. HIPAA penalties – fines and potential jail time – were increased a few years ago, and prosecutions are up.
The other good news is that organizations who hold large amounts of medical data, such as insurers and hospitals, have become very aware of how vulnerable they are. It is now a priority for many of these institutions to dramatically improve data security. In addition to their clients’ data, their reputations and corporate stability are now on the line: Moody’s is now including the risk of cybercrime in its bond rating calculations.
Patients should always be responsible as well: never share medical data except with appropriate professionals, and safeguard important information such as credit card data and your social security number.
Medical malpractice comes in many forms. In some cases, the courts have ruled that HIPAA violations qualify. If you need legal advice in a situation that involves potential medical malpractice, call 317-920-6400 to talk to one of the attorneys at Wilson Kehoe Winingham. We’ll let you know what we think, and what your next steps might be. You can also reach us online.
Fill out the form below to receive a free and confidential initial consultation.