Blog
HIPAA Trends
2024 HIPAA Trends and Statistics

2024 HIPAA Trends and Statistics

Read this blog to learn how 2024 compared to 2023 regarding HIPAA Security, Breach Notification, and Privacy Rules trends.

Updated
February 3, 2025
Posted
February 3, 2025
HIPAA
Data Security Trends
HIPAA Trends
2024 HIPAA Trends and Statistics

Where do these HIPAA stats come from? 

Every year, SecurityMetrics conducts surveys of over 100 healthcare providers and professionals who are responsible for becoming HIPAA compliant. These professionals typically have less than 500 employees but work closely with much larger organizations, sharing patient data. These statistics are important because they reflect the current data security trends among all healthcare organizations, regardless of size. 

Read this blog to learn how 2024 compared to 2023 regarding HIPAA Security, Breach Notification, and Privacy Rules trends. 

Patient Data Security Trends

Of the 100 healthcare entities responding, 71% of them reported that they encrypt patient data, per HIPAA regulations. 81% responded that they destroy or delete sensitive data, which is less than the previous year. 69% of organizations say that they use MFA (multi-factor authentication), and 72% have automatic timeouts/logouts enabled on all of their workstations. 

Email Security Trends

55% of organizations reported that they don’t send emails containing patient data, which is lower than 2023. However, 60% report emailing patient data through encrypted email services, which is an improvement. 47% of professionals said that they use a patient portal to communicate patient data, and only 7% report sending patient data through unencrypted emails. 

Mobile Device Security Trends

78% of healthcare providers report that they don’t let employees use organizationally owned mobile devices for personal use. 43% have a mobile device policy in place, per HIPAA rules, including a BYOD (bring your own device policy). Unfortunately, 40% report that they don’t use mobile encryption, which is higher than 2023. 

Firewall Best Practices 

Staff education efforts have paid off, as only 16% of employees report not knowing what firewall their organization uses, which is an improvement from last year. Interestingly, 51% of respondents use a security professional or third party provider to manage their network firewall. Roughly 21% review their firewall rules at least quarterly, which is also an improvement from last year. 

System Monitoring Trends

58% of respondents said that they store system logs per HIPAA requirements, but only 23% review their data prevention tool logs at least monthly. When it comes to reviewing access controls, 57% review at least annually. 

Vulnerability Scanning Trends

55% report conducting vulnerability scans and 26% conduct scans at least quarterly, which are both higher than 2023’s report.

Penetration Testing Trends

Coming in as the same as last year, 22% report conducting penetration tests, with 31% performing their pen tests yearly. 

HIPAA Documentation Trends

41% of respondents report reviewing their BAA (business associate agreement) documentation at least annually, with 48% updating their NPP (notice of privacy practices) at least annually. When it comes to reviewing HIPAA compliance documentation, 72% review at least annually. 

Incident Response Trends

Unfortunately, 7% of respondents don’t have any response plan policies in place, including an incident response plan, disaster recovery plan, or business continuity plan. Fortunately, this percentage is lower than then the previous year, demonstrating more businesses are taking response plans seriously. 71% review their response plan at least annually and 32% report testing their incident response plan. 

HIPAA Training Trends

Perhaps one of the most important trends to analyze is how frequently employees are being trained on HIPAA compliance. This year, 62% report training employees annually with 81% providing HIPAA Security Rule training, 63% training on HIPAA Breach Notification Rule, and 89% providing HIPAA Privacy Rule Training. Only 36% of respondents say they don’t test employees on their HIPAA training, and 50% test employees on HIPAA training at least annually, an improvement from last year. 

What can we learn from these HIPAA trends? 

Adequately training your staff on HIPAA policies and rules is as vital as ever, with an increase in attack trends, particularly sophisticated attacks on the healthcare industry. This means your staff needs regular social engineering and phishing training, so they can identify potential scams ahead of time. 

Above all, remember to practice good “cyber hygiene” so attackers have limited access to your network and employees.

Join Thousands of Security Professionals.

Subscribe Now

Get the Latest Trends

View Learning Center

Stay up to date
Subscribe to our blog.
Subscribe Now
Data Security
Vulnerability ScanningPenetration TestingSecurity TrainingPANscan®SecurityMetrics VisionSecurityMetrics MobileCIS Controls AssessmentConsultingResellerForensic/Incident ResponseData and Network SecurityData Security AcademyWebpage Integrity Monitoring (WIM)Shopping Cart Inspect (PCI Req. 11.6.1)Shopping Cart Monitor (PCI Req. 11.6.1)SecurityMetrics Pulse
Compliance
GDPR CompliancePCI CompliancePCI DSS AuditPCI Level 4 ProgramPA-DSS/SSF AuditP2PE AuditPIN Security AssessmentPCI PoliciesPCI TrainingHIPAA ComplianceHIPAA PoliciesHIPAA TrainingHealth Network ProgramHITRUST
Company Info
About UsBlogGlossaryMedia RelationsCareersTerms of UsePrivacyAbuseDo Not Sell My Information
Contact
Contact UsReport a Vulnerability
SecurityMetrics podcast logoLinkedIn logoFacebook logo
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy PolicyTerms and Conditions
Your IP Address is:
YouTube logoSecurityMetrics podcast logoLinkedIn logoFacebook logo
Subscribe to our blog
Subscribe Now
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy Policy
|
Terms and Conditions
|
Your IP Address is:
000.000.000.000