Study Shows Increase in Patient Healthcare Data Breaches
A 2011 study about patient privacy and data security in hospitals, doctors' offices and other healthcare organizations concluded that data breaches are on the rise in the healthcare industry. These organizations are subject to the Health Insurance Portability and Accountability Act (HIPAA), which establishes rules that control how an organization may use private patient information and under what circumstances an organization may disclose that information to third parties.
The study, conducted by the Ponemon Institute, found that the organizations surveyed had experienced an average of four data breaches during the last two years. The 2010 study found that organizations had experienced only three data breaches, on average, in the two years preceding that study. The actual number of breaches could be significantly higher: More than 60% of the individuals surveyed said they were not confident that their organization had detected all of the privacy incidents that occurred.
Several factors contributed to breaches of private patient healthcare information. Some 41% of the survey respondents cited unintentional employee actions, while 49% attributed breaches to lost or stolen laptops and other mobile devices. (More than 80% of the organizations surveyed reported that they used mobile devices to manage or transmit patient health information.) Forty-six percent of survey participants cited errors by third parties, such as vendors and contractors, as a cause of data loss.
More than 80% of those surveyed believed patients should be notified as soon as possible of any data-security incidents involving patient health information. However, the study found that organizations take, on average, seven weeks to notify patients of a breach. The average cost per organization of a breach for the two years covered by the 2011 survey was $2.2 million, a 10% increase over the average cost under the 2010 survey.
HIPAA training for the healthcare workforce can help change employee behavior, making breaches less likely to occur and potentially saving your organization the time, effort and expense of resolving data-security breaches.
