Health Care Providers Reporting Rise in Data Security Breaches


Health care organizations have seen an increase in data breaches over the past few years, despite reporting increased confidence in their readiness to handle such breaches, according to a report by HIMSS Analytics and Kroll Advisory Solutions, Healthcare IT News reports (Miliard, Healthcare IT News, 4/10).

HIMSS Analytics is the research arm of the Healthcare Information and Management Systems Society.

The report is based on a survey of 250 health information executives working at hospitals (Kroll Advisory Solutions release, 4/11).

Reported Readiness for Data Breaches

The third biannual report -- titled "2012 HIMSS Analytics Report: Security of Patient Data" -- found that this year's survey respondents were more confident than previous years' respondents about their readiness to handle a health data breach. The report used a scale of one to seven, with one indicating that respondents felt "not at all prepared" and seven indicating that they felt "extremely prepared" to handle a breach.

This year, the respondents reported an average readiness score of 6.4, compared with 6.06 in 2010 and 5.88 in 2008. Ninety-six percent of respondents said that their health care organization conducted a formal risk analysis during the last year.

Security Breaches During Past Year

The report found that 27% of respondents said they had experienced a security breach in the last year, compared with 19% in 2010 and 13% in 2008.

Of those who reported experiencing a breach in the last year, 69% reported experiencing more than one breach.

Factors Contributing to Data Breaches

Of the organizations that had experienced a data breach, 79% said the breach was caused by an employee. Of those who experienced a breach in the previous 12 months, 18% said the breach was caused by a third party.

When asked about the factors that are likely to contribute to a health data breach:

  • 45% cited a lack of staff attention;
  • 31% cited the use of mobile devices to store health information; and
  • 28% cited the sharing of health information with third parties.


Lisa Gallagher -- senior director of privacy and security for HIMSS -- said, "Health care organizations need to ensure that their business associates are taking every precaution to safeguard [patient] information ... background checks, employee training and continued monitoring of policies and procedures are steps all covered entities should ensure are taken by their business associates" (Healthcare IT News, 4/10).
