Accepted for/Published in: Journal of Medical Internet Research

Date Submitted: Apr 18, 2024
Date Accepted: Sep 15, 2024

The final, peer-reviewed published version of this preprint can be found here:

Patient Health Record Protection Beyond the Health Insurance Portability and Accountability Act: Mixed Methods Study

Subramanian H, Sengupta A, Xu Y

Patient Health Record Protection Beyond the Health Insurance Portability and Accountability Act: Mixed Methods Study

J Med Internet Res 2024;26:e59674

DOI: 10.2196/59674

PMID: 39504550

PMCID: 11579621

Patient Health Record Protection beyond HIPAA: A Multi-Method Analysis

  • Hemang Subramanian
  • Arijit Sengupta
  • Yilin Xu

ABSTRACT

Background:

Despite strict HIPAA enforcement, healthcare systems in the USA continue to face frequent and impactful data breaches. This paper examines the effectiveness of HIPAA regulations and the necessity for robust best practices in healthcare security through extensive data analysis.

Objective:

The study aims to assess the effectiveness of HIPAA regulations in preventing data breaches and to identify and recommend best practices based on major types of breaches observed in the healthcare system.

Methods:

This study utilized a mixed-method approach, including both qualitative and quantitative analyses. Data from over 15 years of publicly available breach reports by the US Department of Health and Human Services was analyzed. The study also included econometric models with state-wise fixed effects to evaluate the impact of HIPAA regulations and various breach types on the number of affected individuals.

Results:

Our findings indicate that certain breach types such as hacking and IT incidents have a more significant impact on the number of individuals affected compared to others like improper disposal or unauthorized access. States with laws more stringent than HIPAA also showed a variation in breach impacts. The econometric analysis underscores that despite stringent regulations, breaches remain frequent and their impacts significant.

Conclusions:

The study concludes that while HIPAA has increased the privacy and security of patient information, its effectiveness in preventing breaches is limited. It suggests that a multi-layered regulatory approach and the adoption of industry best practices might enhance the resilience of healthcare data systems. The study advocates for continuous reassessment of security protocols and dynamic updating of regulations to address evolving cyber threats and technological advances.



© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on its website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressly prohibit redistribution of this draft paper other than for review purposes.