Why HIPAA matters: The toll of privacy breaches and compromised health data

As everyone knows by now, it's extremely important to educate all dental employees about the importance of HIPAA and the severe consequences that a breach could have.

Oct 3rd, 2018
Knowledge is power, and nowadays this is truer than ever. The move to a digital economy has facilitated the explosion of information consumption. Knowledge about customers, patients, and employees has enabled health-care organizations to personalize products and services and make decisions that meet their needs, but perhaps not the needs of their patients.

The insights health-care entities have about the people they serve are extensive, and issues arise when this information is misused, such as when it is accidentally compromised. Shockingly, 78% of health-care workers lack data privacy and security preparedness, which caused vulnerabilities that contributed to a total data breach cost to the industry of $6.2 billion in 2016.

This is detrimental to the businesses involved, but what are the repercussions to individuals when their health information is mismanaged? At best, they’re embarrassed, but at worst they may face reputational, financial, or employment-related impacts.

Aetna fall-out: The consequences of stigma and discrimination on those who are breached

A prime example of employee negligence in handling sensitive information involved the insurance company Aetna. In 2017 they accidentally disclosed the HIV status of thousands of customers when they sent them a letter in a window envelope that had an opening large enough to read the letter. This was an unfortunate case where a mistake led to a privacy breach that had serious and long-lasting impacts on the people affected.

Aetna’s actions left people extremely vulnerable and exposed. Not only family, but roommates and complete strangers could have been exposed to their private health information. In some cases, this caused emotional distress due to discrimination and harassment, with many people resigning from their jobs and unable to face the stigma. Some even had their homes vandalized and felt it necessary to move. While the stigma surrounding HIV may be less severe than it used to be, the reality is that serious discrimination still exists.

Our right to privacy is linked to the values we have as a society around individual and personal autonomy. A breach such as the Aetna one is an extreme case of the severe repercussions when this right to privacy is taken away from us. Protecting patient confidentiality is critical to ensuring people feel safe when they receive their health care.

HIPAA: Keeping patients at the center of things

How do we know that our personal health information is not going to be accessed by external parties or used to our detriment? This is more serious than a compromised password. Biometric, genetic, and some health information cannot be reset or changed at will.

Regulations, such as HIPAA, are vital to ensure the security and privacy of health information is top of mind for all health-care providers. HIPAA is important to ensure that electronic personal information is collected, used, and disclosed within the appropriate technological and procedural safeguards. For example, HIPAA has rules that guide health-care organizations and restrict who can view health information. HIPAA also gives agency to patients by allowing them control over who their information is released to.

Health-care providers need to ensure that they’re following the rules and keeping patients’ wellbeing at the center of all decisions. Aetna had to settle for $17 million. Other companies have paid more because of lawsuits or fines imposed for HIPAA violations. If we add to that the impact the breach had on reputations, the costs are substantial.

Having a privacy program in place where personal health information is collected, used, disclosed, retained, and disposed of in a secure manner ensures your patients are protected and all health-care organizations can serve patients more effectively.



Ale Brown, MBA, CIPP, CIPT, founded Kirke Management Consulting in 2014 with the goal of helping organizations excel in their businesses by finding opportunities for growth while managing risks. Ale started her career in IT with corporations such as Procter & Gamble and Johnson & Johnson. She ventured into the entrepreneurial world working for boutique consulting firms. Her specialties at the time were the implementation and management of enterprise resource planning (ERP) systems and customer relationship management strategies. During her job with J&J, she partnered with various commercial groups to provide IT solutions in the areas of sales force effectiveness and digital marketing. This is when Ale was exposed to the world of privacy management.
