DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

On-the-Spot Intervention 95% Effective in Reducing Healthcare Employees’ Unauthorized Access to Protected Health Information (PHI)

Posted on April 14, 2022 by Dissent

The following is a press release from Protenus. As a reminder/disclosure: DataBreaches.net compiles data and performs some data analytic services for Protenus’s Breach Barometer each year. 

Protenus is pleased to announce a recent study found that on-the-spot interventions for healthcare employees who inappropriately accessed PHI were 95% effective in preventing repeat offenses. The article, “Effectiveness of Email Warning on Reducing Hospital Employees’ Unauthorized Access to Protected Health Information: A Nonrandomized Controlled Trial” by authors Dr. John (Xuefeng) Jiang, Ph.D., Professor, Plante Moran Faculty Fellow, Department of Accounting & Information Systems at Michigan State University; Nick Culbertson, CEO and Co-Founder of Protenus; and Dr. Ge Bai, Ph.D., CPA, Professor of Accounting at Johns Hopkins Carey Business School, was published on JAMA Network Open yesterday.

Insider data breaches are no small matter for healthcare organizations, especially large academic medical centers like the one in the trial. 92% of combined small and large breaches in 2019 were tied to unauthorized access, according to publicly available U.S. Department of Health & Human Services (HHS) data. Typically, organizations focus on the low-volume, high-risk events like VIP patient privacy violations that often go public, rather than the high-volume, low-risk events such as access to a family member’s information or self-access, which can be just as violating to the patient.

In the case of small compliance teams or limited staff resources, it’s easy to miss all the benign or smaller events, but those often turn into bigger offenses over time. Says Nick Culbertson, “If you just wait for a big event, you’re going to miss the preventable small actions that can escalate into higher risk violations. Prevention is the most effective strategy. And that’s what we do at Protenus — working to eliminate risk, not waiting for it to happen.”

The researchers hypothesized that education could help stop first-time offenders from further violations. Through their trial, they uncovered supporting evidence that this was indeed the case. “What an email warning can do to deter employees’ unauthorized access is stunning. A simple email can lead to big changes,” says Dr. Ge Bai — an outcome that confirms the power of technology in supporting the proven hypothesis.

With healthcare constantly under attack by cybercriminals, it’s encouraging that the risk from insider events can be greatly mitigated. Dr. John (Xuefeng) Jiang says, “In my previous work, we found more than half of the healthcare data breaches were caused by providers’ internal mistakes or neglect. So I was thrilled to find out that a simple email warning could significantly reduce these internal mistakes. I look forward to working with Nick and Protenus to uncover other solutions to the cybersecurity challenges in healthcare.”

Read the complete report from JAMA now

If allowed to go unchecked, healthcare employees committing unauthorized access to protected health information present a huge financial and reputational risk to the organization and most importantly, its patients. To learn more about how data breaches are affecting the healthcare industry, download the 2022 Breach Barometer from Protenus.

About Protenus

Protenus harnesses the power of AI to provide healthcare organizations with scalable risk-reduction solutions that drive the safest patient outcomes while protecting the reputation of the organizations. We are committed to innovation, determined to reduce risk, and focused on supporting our community of employees, customers, and ultimately, patients. Empowering healthcare to eliminate risk is at the heart of all we do. Founded in 2014, Protenus is a three-time winner of Forbes‘ America’s Best Startup Employers, is a Great Place to Work®-Certified company, and was named one of 2021 CBInsights Digital Health 150, one of The Best Places to Work in Healthcare by Modern Healthcare, and one of the Best Places to Work in Baltimore by the Baltimore Business Journal and the Baltimore Sun. Learn more at Protenus.com and follow us on Twitter @Protenus

Related posts:

  • 1.13M Patient Records Breached From January to March 2018
  • Third-party incidents continue to put patient ePHI at risk: Protenus
  • Criminal Attacks Are Now Leading Cause of Data Breach in Healthcare, According to New Ponemon Study
Category: Commentaries and AnalysesInsider

Post navigation

← ‘JekyllBot:5’ Vulnerabilities Allow Remote Hacking of Hospital Robots
Patients increasingly suing hospitals over data breaches →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.