Data Security Inadequate at 71% of Hospitals
"This (last) finding suggests that patient data is being unknowingly exposed until the patients themselves detect the breach," the study states. "Healthcare organizations' inability to prevent or detect patient data loss is putting patients at greater risk of medical identity theft, financial identity theft and having their personal health facts disclosed."
The study also finds the cost for data breaches for hospitals as a whole is $6 billion. According to respondents in the study, the economic impact of data breach incidents over a two-year period is approximately $2 million per organization.
Through his research, Dr. Larry Ponemon, data security researcher, has learned that most hospitals are more concerned with "red and black" streams of revenue.
"A lot of organizations are frustrated at the limited number of resources" protecting patient privacy, Ponemon says. "It is an issue."
Other highlights from the study include the following:
- 60% of organizations had more than two data breaches in the past two years. The average number for each participating organization was 2.4 data breach incidents
- The average number of lost or stolen records per breach was 1,769. A significant percentage of organizations either did not notify any patients (38% or notified everyone (34%) that their information was lost or stolen
- The top three causes of a data breach are: unintentional employee action, lost or stolen computing devices and third-party snafu
- 41% discovered the data breach as a result of a patient complaint
- More than half (58%) of organizations have little or no confidence that their organization has the ability to detect all patient data loss or theft
- 63% of organizations say it took them between one to six months to resolve the incident
- 56% of respondents have either fully implemented or are in the process of implementing an EHR system. The majority (74%) of those who have an EHR system say it has made patient data more secure
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- mHealth Tackles Readmissions
- 'Kafkaesque' Value System Unfairly Penalizes Doctor Pay
- CNO Leads $1M Charge for New Scrubs, Uniforms
- Targeting Self-Insured Populations
- MA an Insurance Proving Ground for Providers
- Sharp HealthCare Leaves Pioneer ACO Program
- Some Cancer Hospitals' Quality Data Will Soon Be Public
- Proton Beam Therapy Poised for Growth in US
- Docs Fret as HHS Addresses Malpractice Reporting 'Loopholes'
- Half of All Primary Care, Internal Medicine Jobs Unfilled in 2013