About 71% of health care organizations say that federal regulations have not improved patient health record security and that adequate resources are not available to help prevent and quickly detect data breaches, according to a new study by the Ponemon Institute and ID Experts, HealthLeaders Media reports (Nicastro, HealthLeaders Media, 11/9).
For the study -- titled "Benchmark Study on Patient Privacy and Data Security" -- researchers gathered information from 65 health care organizations (Mosquera, Government Health IT, 11/9).
Key Findings
According to 71% of survey respondents, federal regulations like the HITECH Act, which allocated $20 billion in stimulus funds for health IT, have not led to more strict management practices for the security of patient data.
The study also found that:
- Hospitals and clinics lost about 1,769 patient records in each of the average 2.4 data breaches they experienced over the last two years;
- About 20% of data breach incidents involved criminal intent; and
- Common causes for the breaches included improper disposal of paper records and loss of data storage devices like USB drives and laptops.
Seventy-four percent of survey respondents who have already implemented electronic health record systems said security of patient data is now stronger (Greenberg, "The Firewall," Forbes, 11/8).
In addition, the study found that:
- 70% of hospitals said their top priorities do not include protecting patient data;
- 67% of respondents have fewer than two employees dedicated to data protection management;
- Patients are usually the first to detect most breaches at health care organizations (HealthLeaders Media, 11/9); and
- 58% of respondents have little or no confidence in their means to ensure security of patient records (Government Health IT, 11/9).
According to the study, the cost of data breaches annually is $1 million per hospital in the U.S. and about $6 billion for the industry as a whole ("The Firewall," Forbes, 11/8).