The number of reported medical data breaches has increased by 32% since 2010, according to a report conducted by the Ponemon Institute, MedPage Today reports.
ID Experts, a provider of data breach protection services, sponsored the report (Petrochko, MedPage Today, 12/1).
For the report, researchers surveyed 300 officials at 72 health care organizations about their experiences with data breaches (Goedert, Health Data Management, 12/1). They found that medical data breaches could be costing the health care industry an average of $6.5 billion annually (Anderson, Healthcare IT News, 12/1).
The report also found that:
- 96% of respondents reported experiencing at least one data breach in the last 24 months (Conn, Modern Healthcare, 12/1);
- 49% of respondents said they experienced a data breach related to the loss or theft of computing or data devices; and
- 41% of respondents said they experienced a data breach caused by employee mistakes.
Organizations' Data Protection Policies
Researchers asked respondents about their organization's data protection policies and found that:
- 80% of respondents said their organization uses mobile devices that contain patient data, although about 50% said their organization does not protect the data contained on mobile devices;
- 73% of respondents said their organization lacks sufficient resources to prevent unauthorized patient data access;
- 61% of respondents said they are not confident that they know where their organization stores patient data;
- 55% of respondents said they have little or no confidence that their organization is able to detect all patient privacy incidents; and
- 53% of respondents said a lack of financial resources is hindering their organization's data breach prevention efforts.
Rick Kam, president and cofounder of ID Experts, recommended that health care organizations reduce their risk of data breach incidents by:
- Creating an inventory of all of their stored personal health data;
- Developing a plan to respond to data breach incidents; and
- Reviewing agreements with business associates about data handling policies (Healthcare IT News, 12/1).