Report: Health Data Breaches Increased by 32% in Last Year

EVENTS

MAY

Summit About Wireless Health Convergence

San Diego

MAY

Webinar About Health IT Privacy, Security Risks

Online

JUN

'Datapalooza' Conference on Health Data Tools

Washington, D.C.

View All Events

FROM THE FOUNDATION

All Over the Map

A newly updated interactive map unleashes data to highlight medical treatment variation across California. Now with breast cancer, prostate cancer, and spine procedures, this CHCF-sponsored research shows that practice patterns vary dramatically from place to place.

Thursday, December 01, 2011

Report: Health Data Breaches Increased by 32% in Last Year

The number of reported medical data breaches has increased by 32% since 2010, according to a report conducted by the Ponemon Institute, MedPage Today reports.

ID Experts, a provider of data breach protection services, sponsored the report (Petrochko, MedPage Today, 12/1).

Report Details

For the report, researchers surveyed 300 officials at 72 health care organizations about their experiences with data breaches (Goedert, Health Data Management, 12/1). They found that medical data breaches could be costing the health care industry an average of $6.5 billion annually (Anderson, Healthcare IT News, 12/1).

The report also found that:

96% of respondents reported experiencing at least one data breach in the last 24 months (Conn, Modern Healthcare, 12/1);
49% of respondents said they experienced a data breach related to the loss or theft of computing or data devices; and
41% of respondents said they experienced a data breach caused by employee mistakes.

Organizations' Data Protection Policies

Researchers asked respondents about their organization's data protection policies and found that:

80% of respondents said their organization uses mobile devices that contain patient data, although about 50% said their organization does not protect the data contained on mobile devices;
73% of respondents said their organization lacks sufficient resources to prevent unauthorized patient data access;
61% of respondents said they are not confident that they know where their organization stores patient data;
55% of respondents said they have little or no confidence that their organization is able to detect all patient privacy incidents; and
53% of respondents said a lack of financial resources is hindering their organization's data breach prevention efforts.

Recommendations

Rick Kam, president and cofounder of ID Experts, recommended that health care organizations reduce their risk of data breach incidents by:

Creating an inventory of all of their stored personal health data;
Developing a plan to respond to data breach incidents; and
Reviewing agreements with business associates about data handling policies (Healthcare IT News, 12/1).

2
12/08/2011
Garry Duplantis

As someone who works in the release of information industry, it's a wonder that only 41% of respondents report a breach due to employee error. In our industry, it is not unusual for a mid-sized hospital to receive hundreds of requests per week from attorneys, insurance companies, healthcare providers and many others. With the number of requests received, I'm amazed that the number of breaches isn't much more than reported. Frankly, it probably is but the only ones that make the headlines are the ones above 500, ones done for mailcious purposes or ones done for monetary gain. Does anyone remember the quest to reduce paper use in the workplace a few years ago? Apparently the work never reached the HIM department and the enteties who need copies of records.

1
12/02/2011
Terry Amiel

Please give specific examples of how and where $6.5 Billion dollars was lost due to data breaches.

I call this a Bullsh*t statement. This is a comment made by a company (Ponemon Institute) that makes their money by selling data protection about how poorly the public is protected from data breaches. Talk about self serving.

They are creating panic and fear of gov't retribution for HIPAA breaches (and there IS a gov't connection) and in so doing making boodles of bucks selling cyber protection.

What a scam. The only thing this does is to make dam* sure that those who do not use EMRs or communicate using 'mobile devices' will remain so. As god intended "stylus on papyrus"

Don't get me wrong, I love computers, but there is a whole lot of IT whizs out there ready to scam you on the tax payers' dollar.

Call me paronoid (your only paronoid if you're wrong) but that's the way I see it.

Readers are also invited to send feedback to: ihb@chcf.org

View All Comments (2)
Print
Email
Share
- Facebook
- Twitter
- Google+
- LinkedIn
- Digg

COMMENTS (2)

"As someone who works in the release of information industry, it's a wonder that only 41% of respondents report a breach due to employee error. In our industry, it is not unusual for a mid-sized hospital to receive hundreds of requests per week from a..."

- Garry Duplantis