[Dataloss] Medicare Medicaid and TriCare breaches

lyger lyger at attrition.org
Sat Sep 9 14:53:32 EDT 2006


From: Al Mac <macwheel99_at_sigecom.net>

The "over 40%" with security breaches in the last 2 years (impacting over 
100 million people covered by these public health care programs) =

47 % for Medicare Advantage;
44 % for Medicaid agencies;
42 % for Medicare FFS contractors;
38 % for DoD Tricare contractors.

In studying the GAO report I was particularly struck by:

* Many Federal Contractors and State Medicaid Agencies experience privacy 
breaches but not all are required to report breaches to federal agencies.

* The GAO, in this survey, did not delve into the frequency or severity of 
the reported breaches;

* The claim that these rates are comparable to the rate reported by 
commercial health insurers, where 46% of commercial health insurers 
reported at least one privacy breach from January thru June 2005, 
according to a HIPAA Compliance Survey: HIMSS/Phoenix Health Systems, U.S. 
Healthcare Industry  Summer 2005 (August 2005).

My e-friend Bob Speth got me a URL on a more recent Winter 2006 HIPAA survey 
of 324 organizations:

http://www.hipaadvisory.com/action/surveynew/results/winter2006.htm

According to this:

* data security incidents plague 1/3 of Providers and Payers;

* in the last 6 months, 60% of the Provider organizations have experienced 
privacy breaches, which is the same as in prior reports, while the rate of 
incidents for Payer organizations has risen from 45% to 66%;

* the majority of organizations with breaches have had one to five 
separate incidents, but 20% have had six or more incidents;

* 55% of health care providers claim to be compliant with HIPAA security 
standards;

* 72% of health care payers are reportedly compliant;

* subtract these #s from 100% to see #s not up to HIPAA standards, which 
some people feel do not go far enough... for example, mitigation does not 
include informing the patients whose medical records got breached.

It is evident to me from these numbers that the government knows a heck of 
a lot more about what organizations are experiencing privacy breaches than 
what has leaked out to the news media. We are still seeing only the tip of 
an iceberg.

The GAO, an investigative arm of the US Congress, looked into the 
outsourcing of personal health services for Medicare, Medicaid, and 
TRICARE, finding a total of 378 entities doing the work, of which over 40% 
have recently experienced privacy breaches.

Privacy Hot Topic: Domestic and Offshore Outsourcing of Personal 
Information in Medicare, Medicaid, and TRICARE.  GAO-06-676, September 5.

http://www.gao.gov/cgi-bin/getrpt?GAO-06-676

Highlights - http://www.gao.gov/highlights/d06676high.pdf


