HHS Data Tells the True Story of HIPAA Violations in the Cloud
I found this article from Software Advice timely and important for several reasons. First,to point out the large amount of patient data lost in data breaches but secondly to point out that, as in the famous line from the Pogo cartoon, "We have seen the enemy and he is us".
Most healthcare data breaches are caused by careless actions on the part of covered entity staff or business associates. The best prevention is proper policies and procedures and ongoing training and awareness. Unfortunately many privacy and security programs are primarily security programs and not privacy programs. Partially this is due to IT departments focusing on what they know which is security. So while they are watching the firewall an employee is leaving an unencrypted laptop on the front seat of their unlocked car.
So while I am probably beating a dead horse, or preaching to the choir, choose your metaphor, the goal is still to get compliant, stay compliant, and prove compliance with the compliance metertm.