Health Care Data Breach Growth in 2014

2013 saw a monumental number of data breaches, and health care was not immune. These breaches collectively compromised millions of individuals' personally identifiable information (PII) and protected health information (PHI). Within the health care field, many of the reported data breaches were not perpetrated by sophisticated hackers but were the result of individuals making poor choices. Small and medium-sized businesses within the health care field, including health care providers and business associates, are working to comply with the new Health Insurance Portability and Accountability Act (HIPAA) reporting requirements. The new HIPAA security rule requires data breach notification and mentions possible financial penalties in the event that PII and PHI are compromised. Poor choices by employees can and do undermine even carefully constructed information security structures designed to be HIPAA compliant.

Forecast for 2014

The 2014 forecast is not good, according to InformationWeek. The size and quantity of health care data breaches are expected to grow as the U.S. Affordable Care Act is implemented. Small and medium practices will discover that data management is an integral part of the business of medical care. IT teams and IT service providers have an opportunity to distinguish themselves during this period of flux and to implement proven security solutions and security awareness programs.

There is a saying that one should treat sensitive information and cash in the same manner: do not leave it lying about, secure it, and count it regularly. PII and PHI are no exceptions to the axiom. IT solutions may start by making patient information an accountable item, using the HIPAA physical and technical safeguards to guarantee compliance, and then take client data security further, beyond compliance. Cyber attacks receive attention and headlines, but human error puts data at risk more often than hacks.

Security Awareness

Security awareness training, specifically surrounding the implementation of IT solutions and the physical handling of data, allows those closest to PII and PHI to understand how their actions can keep data safe or put the organization at risk of a data breach. Security awareness training should include several aspects: the preferred manner for handling paper files; the access controls placed on electronic medical records; the proper method to expunge medical data from systems and medical monitoring equipment; best practices for manual and automatic data storage and backup; and the prescribed channels for reporting an anomalous event.

With attention to detail, the probability of human error is reduced. With a reduction in human error, perhaps the prognostication of 2014 as a banner year for data breaches in health care will prove to be incorrect.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
