Assigment_4
Eric Nesline
2023-02-26
Background and Introduction
The US Department of Health and Human Services in the Office for Civil Rights is responsible for collecting and reporting breaches of protected health information. This is mandated by United States law and that the Office for Civil Rights reports these breaches where cases have affected more than 500 individuals.
The main goal here is to depict and display important information that can be used to asses the impacts of these breaches and possibly limit future breaches.
Introduction to Data Set
Data Reported for each Breach 1. Name of Covered Entity (Organization responsible) 2. State (US state where breach was reported) - State Abbreviation 3. Covered Entity Type - Health Plan, Healthcare Provider, Business Associate, Healthcare Clearing House 4. Individuals Affected (Number of records affected by breach) 5. Breach Submission Date (Date of breach reported by Covered Entity) 6. Type of Breach (how unauthorized access was obtained) - Hacking/IT Incident, Improper Disposal, Loss, Theft, Unauthorized Access/Disclosure, Unknown, or Other. (Can be multiple types for 1 breach) 7. Location of Breached Information (Where was the Protected Health Info when unauthorized access was obtained) 8. Business Associate Present (Was a business Associate present) - Yes/No 9. Web Description (Statement explaining what happened and the resolution)
Data Quality and Wrangling
Making sure all data is properly sorted and the appropriate data type.
Analysis
Here are some analysis to help show what this data is telling and specific relationships among the data.
Number of Healthcare Data Breaches by Year
After seeing the total number of breaches each year 2018 holds the lowest amount of reported cases, followed by 2009. However, the breaches spiked from 2009 to 2010 and held relatively constant until 2012, totally around 200 cases in each year. In 2013, cases spiked to over 250 cases for the first time. 2014 had even more cases, reaching highest amount of cases for all the years in the data. 2015 dropped back down to 200 range and then increased in 2016 before decreasing in 2017 and again in 2018.
Top 25 Largest Health Care Breaches
| Name of Covered Entity | Individuals Affected |
|---|---|
| Anthem, Inc. Affiliated Covered Entity | 78800000 |
| Science Applications International Corporation (SA | 4900000 |
| Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group | 4029530 |
| 21st Century Oncology | 2213597 |
| Xerox State Healthcare, LLC | 2000000 |
| IBM | 1900000 |
| GRM Information Management Services | 1700000 |
| AvMed, Inc. | 1220000 |
| Montana Department of Public Health & Human Services | 1062509 |
| The Nemours Foundation | 1055489 |
| BlueCross BlueShield of Tennessee, Inc. | 1023209 |
| Sutter Medical Foundation | 943434 |
| Valley Anesthesiology Consultants, Inc. d/b/a Valley Anesthesiology and Pain Consultants | 882590 |
| Horizon Healthcare Services, Inc., doing business as Horizon Blue Cross Blue Shield of New Jersey, and its affiliates | 839711 |
| Iron Mountain Data Products, Inc. (now known as | 800000 |
| Utah Department of Technology Services | 780000 |
| AHMC Healthcare Inc. and affiliated Hospitals | 729000 |
| EISENHOWER MEDICAL CENTER | 514330 |
| Radiology Regional Center, PA | 483063 |
| Puerto Rico Department of Health - Triple S Management Corp. | 475000 |
| St Joseph Health System | 405000 |
| Spartanburg Regional Healthcare System | 400000 |
| Triple-S Salud, Inc. - Breach Case#2 | 398000 |
| Triple-S Salud, Inc. | 398000 |
| Community Health Plan of Washington | 381504 |
This depicts the largest healthcare breaches by number of individuals affected. The largest breach was the Anthem Inc. breach that had 78.8 million individuals affected. This is far and away the largest breach as the next largest breach only has 4.9 million individuals affected. There are only 11 breaches that have over 1 million individuals affected. It is important to note this list as these incidents can be deeper analyzed for future prevention and tracking.
Total Healthcare Records Exposed by Top 10 States
This shows the 10 states with the largest amount of total individuals affected across all breaches. The Total Affected in Each State is in increments of about 20 million individuals. Indiana has the most individuals affected by a significant margin. Although, Puerto Rico is an U.S territory it is still within the data set and is actually ranked in the top 10 for total individuals affected. This could be in large part of a lack of resources among their healthcare system. Besides Puerto Rico, all of the States listed are within the top 20 most populated States. However, Indiana is the least populated State, meaning the Anthem Breach that had 78.8 million affected carries the load.
The Number of Healthcare Hacking Incidents by Month
Months are listed from 1 to 12 with 1 being January and 12 being December. March, April, and September are the most popular months of Hacking Incidents with each month having over 25 incidents. February and November hold the least amount of hacks. This can be noted for future reference when more or less hacks are anticipated.
Number of Breaches by Covered Entity Type
| Covered Entity Type | Breaches |
|---|---|
| Business Associate | 285 |
| Health Plan | 200 |
| Healthcare Clearing House | 4 |
| Healthcare Provider | 1220 |
The Covered Entity Type only consists of four different types. As stated, these types are Business Associate, Healthcare Provider, Health Plan, and Healthcare Clearing House. This table shows a total count of breaches for each specific type. The Healthcare Provider covered entity is the most common type at 1,220 breaches. While there are only 4 breaches for Healthcare Cleaning House, Health Plan and Business Associate have a relatively close proximity in breaches. It can be inferred that Healthcare Providers typically deal more with health records and have higher risk for breaches as they deal with diagnosis and treatments for millions of patients around the country.
Weekday by Number of Breaches Reported
The day of the week is ordered by numbers 1 through 7 with 1 being Sunday and 7 being Saturday . The visual displays that the weekends have less breaches than weekdays. This could be due to business operations not being held on weekends. Friday is the most popular day for breaches. This can be used for future evaluations when might be the most popular day of a breach. Combining this with breaches for months, a Friday in the months of March, April or September may be at high risk for a breach compared to other days and months.
Years with over 50 Business Associate and 150 Healthcare Providers breaches.
When looking at covered entity types there were 285 total Business Associate breaches and 1,220 Healthcare Provider breaches. With this, there was a need to dive into years where there were more than 50 Business Associates and 150 Healthcare Provider breaches. The years where this was deemed true was 2013 and 2014. This also ties into the overall breaches for years, as 2013 and 2014 had the most breaches overall.
Massachusetts Office Findings
The Massachusetts office is seeking the covered entities where the total number of individuals affected was greater than 10,000.
| Name of Covered Entity | State | Individuals Affected |
|---|---|---|
| Pioneer Valley Pathology | MA | 24750 |
| Spectrum Health Ssytems, Inc. | MA | 14750 |
| Baystate Health, Inc. | MA | 13112 |
| Joseph A. Gagnon d/b/a Goldthwait Associates | MA | 11000 |
| DentaQuest | MA | 10515 |
This displays that there were only 5 breaches where this occurred. Pioneer Valley was the largest breach 24,750. With Massachusetts, specifically Boston, being known as a hotbed of renowned hospitals this follows their reputation. Although any breach has negative affects, Massachusetts has done a good job overall limiting this.
Years with the most breaches in Massachusetts
| Year | State | Breaches |
|---|---|---|
| 2010 | MA | 6 |
| 2011 | MA | 8 |
| 2012 | MA | 5 |
| 2013 | MA | 8 |
| 2014 | MA | 5 |
| 2015 | MA | 4 |
| 2016 | MA | 4 |
Massachusetts has no breaches in 2009, 2017. and 2018 reported. 2011 and 2013 have the most breaches with 8. In 2015 and 2016 breaches are at its lowest with 4. With the lack of breaches in 2015-2018 this is great sign for health record data security. This could be likely attributed to strength of hospitals and increased security among records.