Question: The initial quest we asked was “What kinds of healthcare data breaches have happened?”. This has evolved as we’ve learned more into the following two questions. First, what are the underlying causes of healthcare data breaches and HIPAA violations? Second, how does the cost of these breaches impact the industry as a whole? We will use specific case studies and aggregate data to learn about the underlying causes of data breaches and HIPAA violations. We will use the knowledge we learn from answering our first question, and any additional information we can collect, to answer our second question.
Research method:
As described in our first draft of our research proposal, we plan to use a combination of case studies and data breach statistics. Case studies will be used to learn about the types of situations that breach occur in and how the breach was handled by the organization. This will also allow us to see what kind of implicit and explicit consequences occurred due to the breach.
In addition, as part of the HITECH Act, a list must be published of data breaches affecting more than 500 individuals. The list includes a summary of each breach and some specifics of the type of data comprised, method of the breach, location of the data (laptop, desktop, server, etc.), as well as actions taken following the breach.
Resources:
- List provided by the US Department of Health and Human Services of health data breaches. This site is updated regularly and includes data from 2009 - today. This will allow us to analyze a larger amount of data than may be provided with articles and case studies alone. The website allow for an excel export which we can then use to find similarities or frequencies within the breaches.
- A collection of articles provided by the Ponemon Institute that cover a range of security focused topics. The source contains articles dating back to January of 2012. The main benefit of this source is that the articles are detailed. However, the main drawback is that Ponemon is not updated regularly or even once a month. That said, there are still 47 articles currently available.
Thank you for your update on your research questions and links to resources. I learned a lot from reading more about this. You may also want to check out the HIPAA journal I linked to on the blog. I'll post other docs after I research this a bit more. Keep going...
ReplyDeleteI just did a search on ProPublica using HIPAA as the search term and got some interesting results. Maybe the links will lead to other links.
ReplyDeleteHere is an article published on ProPublica in July of this year that seems relevant. "The Secret Documents That Detail How Patients’ Privacy is Breached"
ReplyDeleteTry this link: https://www.propublica.org/article/the-secret-documents-that-detail-how-patients-privacy-is-breached
DeleteThank you for the feedback! We will definitely take a look at ProPublica.
DeleteThis comment has been removed by the author.
ReplyDeleteI am sure you making progress, but not seeing it on the blog. I'll be posting about the presentation, but mostly just checking in on everyone.
ReplyDelete