Why Everyone Should be Grateful for HIPAA

Everyone should be grateful for HIPAA (the Health Insurance Portability and Accountability Act), which was passed in 1996, due to the protection and power it gives individuals to manage their own private healthcare data.

The Act was originally passed, under the Clinton Administration, in 1996 to help employees move health insurance plans when they are moving between jobs in different companies. Since it was passed, it has been adapted and amended so that it includes all aspects of health-related privacy, specifically maintaining the integrity of a patient’s protected health information (PHI).

It is important to safeguard this private information as its exposure can have massive consequences, be it the social stigma of an illness or simply the theft of identifying data. Because the legislation protects this private information, anyone who plays a part in failing to safeguard it will face consequences.

Healthcare data is very attractive to cybercriminals as it has a huge value on the black market (with a single file of PHI possibly reaching $20,000). This means that it is a target both of cyberattacks and of employees hoping to make money from the information. HIPAA requires that all healthcare data is encrypted, reducing the chance that it can be accessed and read during a cyberattack.

Stealing healthcare data is also profitable as it usually includes a lot of individual pieces of information – as well as names and addresses, it usually has Social Security Numbers, claims information and details on financial accounts. These pieces of data can be hard to change or cancel, so even if a HIPAA breach has been discovered the information is still “valid” for a longer period than, say, credit card information.

If such data has been obtained or sold, it can then be used to commit fraud. In the healthcare sector, this can mean claiming treatment using someone else’s insurance or even illegally getting restricted drugs through their prescriptions. All of these can have devastating ramifications for the victim. Until it has been proven to be fraud, their insurance premiums will go up and it will be harder for them to access prescriptions going forward.

The data from separate PHI files can also be linked together to create a new identity. This, again, can hugely complicate the lives of victims as they may receive bills or even court notices sent to their impersonator.

As PHI commands such a high value, patients are increasingly put in danger from cyberattacks or even malicious employees intending to sell their data. HIPAA is in place for a reason – to safeguard patient privacy. All healthcare employees should be made aware of its importance, both from a social and economic perspective.