May 2023 Healthcare Breaches and Unauthorized Access or Disclosure
Incidents of unauthorized access or disclosures of PHI can occur in two ways – an authorized employee accesses PHI inappropriately, or an unauthorized party gains access to PHI. May 2023 recorded 11 incidents of unauthorized access or disclosure of PHI. These incidents affected 82,236 patients, representing 0.43% of the breached records reported in May.
How to Prevent Unauthorized Access or Disclosure
As we mentioned, there are two ways in which unauthorized access or disclosures occur – inappropriate employee access or unauthorized access by another entity.
Policies and Procedures and Employee Training
HIPAA policies and procedures are essential to HIPAA compliance as they guide employees on what is appropriate. HIPAA requires employee use and disclosure of PHI to be limited to the minimum necessary to perform their job functions. Your policies and procedures should dictate this, and employees should be trained on the policies and procedures to be aware of their obligations.
User Authentication, Access Controls, and Audit Controls
To ensure adherence to the minimum necessary standard, you must implement user authentication, access controls, and audit controls. User authentication provides unique login credentials for each employee, while access controls enable administrators to designate different PHI access levels using those unique login credentials. Also, based on the implementation of unique login credentials, audit controls track access to data to ensure that PHI is accessed appropriately by each employee.
May 2023 Healthcare Breaches and Other Causes
In May 2023, there were two incidents of PHI theft reported, affecting 5,632 patients, representing 0.03% of records breached that month. The best way to prevent PHI theft is through access controls, audit controls, security measures that limit PHI access, and employee training.