More HIPAA violations come from employee error than from outside attacks, according to an article written by Lucia Giles, Sr. Content Marketing Manager, Vanta.
The article covers a recent survey conducted by Vanta regarding HIPAA risks at various healthcare organizations. Over half of the 600 survey participants reported that HIPAA-related incidents or “near misses” have occurred at their workplaces. Additional findings:
- Nearly half of HIPAA-related incidents are due to “internal employee errors,” like “misdirected emails, improper record disposal, or failure to follow standard procedures.”
- When asked about barriers healthcare organizations face that keep them from remaining HIPAA compliant, 41% said “evolving regulations.”
- Not all organizations provide HIPAA compliance training.
- Fewer than half (33%) of healthcare organizations perform yearly vendor risk analyses.
- Only “69% of organizations require vendors to provide employee HIPAA training and show compliance verification.”
Giles emphasized, “HIPAA compliance isn’t solved by a single tool or policy. It requires a coordinated effort across training, technology, and oversight.”