I’ve spoken with a number of doctors and practitioners who are hesitant about storing EMR Data “in the cloud”. Inevitably these discussions lead to their number one concern which is security and the possibility of HIPAA problems. To try and help them keep an open mind about available product options I’ll try and make the case that the level of physical security in their office where records (paper or digital) are stored is far less than the security provided by a top tier cloud vendor.
Recently released data by the The US Department of Health and Human Services seems to back me up. HHS has disclosed on its website all health record security breaches that have affected more than 500 people. The source data is interesting, but it’s even more interesting in graphical form.
Michael Koploy at Software Advice has taken all of the breach data provided by the HHS and compiled it into easy to understand pie charts in his recent article titled HHS Data Tells the True Story of HIPAA Violations in the Cloud. According to Michael, the data shows that the vast majority of HIPAA violations weren’t instances of professional hacking or Ocean’s 11-esque intrusion. Most were a result of poor internal security, petty theft, or negligence.