Data Breaches Cost Hospitals $6B Yearly

By dnicastro@hcpro.com | November 05, 2010

Hospitals spend $6 billion annually because of data breaches, and federal regulations enacted under the HITECH Act have not improved the safety of patient records, research from The Ponemon Institute shows.

Among the data security and privacy research firm's findings:

  • Hospitals are not protecting patient data
  • Hospitals admit to being vulnerable to a data breach
  • Breaches of patient information are occurring frequently and often go unreported, putting patients' privacy at risk
  • A small percentage of healthcare organizations rely on security technologies to prevent and detect data breach incidents
  • Federal regulations—HITECH—have not improved the safety of patient records

Last year, Ponemon released its fifth annual study on the cost of data breaches—"2009 Annual Study: Cost of a Data Breach: Understanding Financial Impact, Customer Turnover, and Preventative Solutions."

That study found the average cost for a compromised record to be approximately $144 in indirect costs and $60 of direct costs, for a total cost of $204.

It is unclear if next week's research will be the sixth annual study or whether it's independent research. The 2009 study focused on 45 U.S. companies from 15 different industry sectors.

The Health Information Trust Alliance (HITRUST) analyzes breaches of unsecured protected health information (PHI) of 500 or more affected individuals listed on the Office for Civil Rights website.

Covered entities and business associates reporting the breaches on the site together could spend nearly $1 billion because of those breaches, the August 2010 report found.

HITRUST used the 2009 Ponemon Institute study that found the average cost for a compromised record to be approximately $144 in indirect costs and $60 of direct costs, for a total cost of $204.

OCR's breach notification website list has grown since the HITRUST report. As of Thursday, November 4, 189 entities have reported breaches of 500 or more.

Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
