The threat of hacking electronic medical records may be a concern to many health care providers, but software experts argue that physical theft and human error are much bigger problems.
Using data published by the Dept. of Health and Human Services, Software Advice, a computer consultation service, combed through reports of medical record breaches and found that physical theft and loss accounted for more than 60 percent of all security breaches.
Hacking comprised just 6 percent of the breaches.
"HIPPA violations aren’t happening in the cloud. Rather, they’re happening in the doctor’s office, hospital IT closets, cars, subways, and homes," Software Advice wrote.
The HHS data combined all reports of medical record breaches that affect more than 500 people as of June 9, 2011. The reports include notes on the circumstances of the breach, such as one instance where 6,800 paper records were mailed but never received, and another report that an impostor posing as a recycling-service employee took over with more than 1,300 records and films.
Most of the issues are the result of carelessness and theft, not professional hacking, even for the largest violations on record, according to Software Advice.
Even among electronic records, nearly 87 percent of breaches resulted from physical theft or loss of computers and hard drives.
"Some have said that increasing the number of EMRs make our records more vulnerable. I’d cite the above data to argue otherwise, " Software Advice wrote. "Paper records and portable devices are the weakest link in HIPAA security."