{"id":2168,"date":"2012-12-10T00:00:00","date_gmt":"2012-12-10T00:00:00","guid":{"rendered":"http:\/\/otava.test\/small-medical-offices-big-risk-to-data-security\/"},"modified":"2012-12-10T00:00:00","modified_gmt":"2012-12-10T00:00:00","slug":"small-medical-offices-big-risk-to-data-security","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/","title":{"rendered":"Small Medical Offices Big Risk to Data Security"},"content":{"rendered":"
\"HITRUST<\/a>
HITRUST Analysis of US Healthcare Breach Data; Source: HITRUSTAlliance.net<\/figcaption><\/figure>\n

 <\/p>\n

HITRUST did an analysis<\/a> of U.S. healthcare data breaches from 2009 to the present. Some of the information they have found is somewhat demoralizing; the data breaches analyzed were instances where 500 or more individuals were affected, and there\u2019s been little change to the overall number over this time span. The healthcare data breach total from 2009 forward is up to 495, involving around 21 million records. The cost associated? About 4 billion dollars.<\/p>\n

There were sections of the healthcare industry that have successfully lowered their instance of breaches. Hospitals and health systems, for instance, saw a 71% decline from 2010 to 2011. However, some areas of the healthcare industry, most notably physician practices, are not showing any progress. HITRUST assumes the lack of change in numbers is due to smaller facilities not having the awareness, nor the resources, to accurately and efficiently identify and resolve potential issues. This finds a correlation in the data that 60% of breaches within this subset are from practices that have less than 100 total employees.\u00a0Smaller practices might not have as much money set aside for training their staff on data security, or have weak spots when maintaining the internal, administrative, and technical safeguards that comprise HIPAA compliance<\/a>. Especially with the push for electronic data sharing and interconnectivity between facilities, this can pose a threat that has the potential to spread up into larger organizations.<\/p>\n

Many smaller facilities are still using paper records too, which were involved in around 24% of breaches; a significant portion. Also, Business Associates (BAs) were implicated in 58% of cases and accounted for 21% to date. This is found within all organization types, and highlights the importance of getting a Business Associate Agreement (BAA). BAAs help define the role of both parties, as well as ensuring that the BA takes the appropriate measures in order to implement and uphold the safeguards necessary to help prevent a data breach.<\/p>\n

Check out the five questions to ask your Business Associates<\/a>, to find out more about the information that\u2019s important when working with BAs. The information found by HITRUST is being used to help modify the CSF Assurance Program, which is working to align itself with meaningful use requirements, as well as give more standardized audit guidance.<\/p>\n

View the full HITRUST breach report and infographic on HITRUSTAlliance.net<\/a>.<\/p>\n

More resources:
\nAn overview of HIPAA compliant hosting<\/a>
\nThe HIPAA Police Are On Their Way!<\/a>
\nWhat is a HIPAA Violation?<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

  HITRUST did an analysis of U.S. healthcare data breaches from 2009 to the present. Some of the information they have found is somewhat demoralizing; the data breaches analyzed were instances where 500 or more individuals were affected, and there\u2019s been little change to the overall number over this time span. The healthcare data breach total from 2009 forward is up to 495, involving around 21 million records. The cost associated? About 4 billion dollars. There were sections of the healthcare industry that have successfully lowered their instance of breaches. Hospitals and health systems, for instance, saw a 71% decline from 2010 to 2011. However, some areas of the healthcare industry, most notably physician practices, are not showing any progress. HITRUST assumes the lack of change in numbers is due to smaller facilities not having the awareness, nor the resources, to accurately and efficiently identify and resolve potential issues. This finds a correlation in the data that 60% of breaches within this subset are from practices that have less than 100 total employees.\u00a0Smaller practices might not have as much money set aside for training their staff on data security, or have weak spots when maintaining the internal, administrative, and technical…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2168","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"\nSmall Medical Offices Big Risk to Data Security | OTAVA<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Small Medical Offices Big Risk to Data Security\" \/>\n<meta property=\"og:description\" content=\"  HITRUST did an analysis of U.S. healthcare data breaches from 2009 to the present. Some of the information they have found is somewhat demoralizing; the data breaches analyzed were instances where 500 or more individuals were affected, and there\u2019s been little change to the overall number over this time span. The healthcare data breach total from 2009 forward is up to 495, involving around 21 million records. The cost associated? About 4 billion dollars. There were sections of the healthcare industry that have successfully lowered their instance of breaches. Hospitals and health systems, for instance, saw a 71% decline from 2010 to 2011. However, some areas of the healthcare industry, most notably physician practices, are not showing any progress. HITRUST assumes the lack of change in numbers is due to smaller facilities not having the awareness, nor the resources, to accurately and efficiently identify and resolve potential issues. This finds a correlation in the data that 60% of breaches within this subset are from practices that have less than 100 total employees.\u00a0Smaller practices might not have as much money set aside for training their staff on data security, or have weak spots when maintaining the internal, administrative, and technical...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2012-12-10T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/HITRUST-Analysis-of-US-Healthcare-Breach-Data.png\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Small Medical Offices Big Risk to Data Security\",\"datePublished\":\"2012-12-10T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/\"},\"wordCount\":422,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/HITRUST-Analysis-of-US-Healthcare-Breach-Data.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/\",\"url\":\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/\",\"name\":\"Small Medical Offices Big Risk to Data Security | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/HITRUST-Analysis-of-US-Healthcare-Breach-Data.png\",\"datePublished\":\"2012-12-10T00:00:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#primaryimage\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/HITRUST-Analysis-of-US-Healthcare-Breach-Data.png\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/HITRUST-Analysis-of-US-Healthcare-Breach-Data.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Small Medical Offices Big Risk to Data Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Small Medical Offices Big Risk to Data Security | OTAVA","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/","og_locale":"en_US","og_type":"article","og_title":"Small Medical Offices Big Risk to Data Security","og_description":"  HITRUST did an analysis of U.S. healthcare data breaches from 2009 to the present. Some of the information they have found is somewhat demoralizing; the data breaches analyzed were instances where 500 or more individuals were affected, and there\u2019s been little change to the overall number over this time span. The healthcare data breach total from 2009 forward is up to 495, involving around 21 million records. The cost associated? About 4 billion dollars. There were sections of the healthcare industry that have successfully lowered their instance of breaches. Hospitals and health systems, for instance, saw a 71% decline from 2010 to 2011. However, some areas of the healthcare industry, most notably physician practices, are not showing any progress. HITRUST assumes the lack of change in numbers is due to smaller facilities not having the awareness, nor the resources, to accurately and efficiently identify and resolve potential issues. This finds a correlation in the data that 60% of breaches within this subset are from practices that have less than 100 total employees.\u00a0Smaller practices might not have as much money set aside for training their staff on data security, or have weak spots when maintaining the internal, administrative, and technical...","og_url":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/","og_site_name":"OTAVA","article_published_time":"2012-12-10T00:00:00+00:00","og_image":[{"url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/HITRUST-Analysis-of-US-Healthcare-Breach-Data.png","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Small Medical Offices Big Risk to Data Security","datePublished":"2012-12-10T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/"},"wordCount":422,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/HITRUST-Analysis-of-US-Healthcare-Breach-Data.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/","url":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/","name":"Small Medical Offices Big Risk to Data Security | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/HITRUST-Analysis-of-US-Healthcare-Breach-Data.png","datePublished":"2012-12-10T00:00:00+00:00","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#primaryimage","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/HITRUST-Analysis-of-US-Healthcare-Breach-Data.png","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/HITRUST-Analysis-of-US-Healthcare-Breach-Data.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/small-medical-offices-big-risk-to-data-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Small Medical Offices Big Risk to Data Security"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2168","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2168"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2168\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2168"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}