Intentional loss is the deliberate act of disclosing information for reasons that often align with personal gain or other malicious intent. This is an especially dangerous form of data loss for healthcare organizations, where the discovery of lax policies that led to patient data loss can result in a HIPAA violation.
Intentional data loss is the deliberate destruction, alteration, or unauthorized exposure of data for malicious intent or personal gain. It occurs through data theft or sabotage, where individuals or groups purposely manipulate information.
A Journal of Cybersecurity and Privacy study gives the reasons behind intentional data loss: “Some of the reasons for this type of threat are negligence in sharing data, a lack of data monitoring, a lack of access limitations to sensitive data, and a lack of awareness.” It differs from accidental data loss, which results from human error or system failure; intentional data loss is planned and executed with clear objectives.
Intentional data loss in email commonly occurs when an individual deliberately alters, deletes, or shares protected health information (PHI) in unauthorized ways. Examples of how it occurs include sending emails to the wrong recipient, purposely failing to securely store or encrypt messages, or leaking data within email chains. This form of data loss often comes from an internal threat that bypasses established internal security protocols.
Patient consent is generally necessary to email patients.
The Security Rule is a HIPAA regulation that sets standards to protect electronic PHI (ePHI).
Common causes include: