
Internal Threats to HIPAA Compliance

Where Are You Most Vulnerable to an Internal Breach?

The power of curiosity can make any healthcare setting vulnerable to breaches from the inside. We’ve heard stories about breaches from clients involving simple gossip, not-so-simple revenge in a child custody dispute, and celebrity snooping.

Although ransomware and hacking grab the headlines, when it comes to healthcare data, most breaches are inside jobs. Generally, this is not true in other industries. Every year Verizon publishes a Data Breach Investigation Report, and in 2019 the insider breach trend continues.

Not all internal breaches are intentional

There are many ways data is breached. According to Verizon, the top three patterns are: Miscellaneous Errors, Privilege Misuse and Web Applications*, together representing 81 percent of incidents in healthcare.

When insiders decide to snoop, what motivates them? 83 percent do it for financial reasons. Other motives include fun, at six percent of all breaches; simple convenience, at three percent; and grudges, at another three percent. Interestingly, espionage accounts for two percent of all breaches.

You can reduce your risks and take control if you understand where you’re vulnerable. Some simple steps will take you a long way toward breach prevention, saving you time and money.

Take these steps to protect your organization from internal breaches

·      Maintain a culture of compliance.

·      Train your staff and use sanctions if staff don’t follow your HIPAA policies.

·      Complete a Risk Analysis and implement the Risk Management Plan. Do it every year.

·      Limit unnecessary access.

·      Streamline phishing reporting. You might catch an event before it becomes a breach.

·      Limit the use of web applications like shopping and social media – most of these are designed to find information about users, not maintain privacy.

The HIPAA E-Tool® is designed for prevention and has everything you need to implement a secure environment for patient data. From workforce training, to confidentiality agreements, access controls and a robust Risk Analysis, we can help you fill the gaps and stop the vulnerabilities from becoming costly breaches.


*A web application (unlike a static website) is an interactive site where the user communicates with the site (like Amazon shopping) or can post or communicate with other users (social media like Facebook, Twitter, Pinterest).


Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up-to-date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2019 The ET&C Group LLC.
The HIPAA E-Tool® is a registered trademark of The ET&C Group LLC