Is your patient data protected?

Survey finds data breaches spike within past two years

Topics: HIPAA, Standards and Regulatory Policy, Information Technology, Electronic Medical Records Strategy, Data Strategy

December 02, 2011

Nearly all health care officials participating in a survey said their organization had experienced a patient-data breach within the past two years, a recent report by the Ponemon Institute found.

For the report—which was sponsored by ID Experts, a provider of data breach protection services—researchers surveyed 300 officials at 72 health care organizations about their experiences with data breaches. They found that medical data breaches could be costing the health care industry an average of $6.5 billion annually.

According to the study, 96% of respondents reported a breach. Meanwhile, the number of reported medical data breaches has increased by 32% since 2010; 49% of respondents said they experienced a data breach related to the loss or theft of computing or data devices; and 41% said they experienced a data breach caused by employee mistakes.

  • How can you prevent data breaches? See the Advisory Board's library of research on preempting threats and safeguarding data.

Protection policies
Researchers also asked respondents about their organization's data protection policies and found that:

  • 80% of respondents said their organization uses mobile devices that contain patient data, although about 50% said their organization does not protect the data contained on mobile devices; 
  • 73% of respondents said their organization lacks sufficient resources to prevent unauthorized patient data access; and
  • 61% of respondents said they are not confident that they know where their organization stores patient data.

To reduce the risk of data breaches, the researchers recommend that health care organizations create an inventory of all of their stored personal health data, develop a plan to respond to data breach incidents, and review data-handling agreements with business associates (Petrochko, MedPage Today, 12/1; Goedert, Health Data Management, 12/1; Anderson, Healthcare IT News, 12/1; Conn, Modern Healthcare, 12/1 [subscription required]).

 

You May Also Like

Tell Us What You Think

You must be logged in to comment

Explore By:

Members: Please log in!

Are you a member of the Advisory Board? For access to all of your exclusive member content, please log in. Questions? Need a password reminder? Contact us.

Related Items

  • HHS gears up for HIPAA compliance audits

    November 11, 2011
    Daily Briefing

    HHS' Office for Civil Rights this month will start auditing covered entities—including hospitals, office-based physicians, and health plans—for compliance with HIPAA privacy, security, and data breach notification rules.

  • Report: Many medical workers post patient information to Facebook

    October 28, 2011
    Daily Briefing

    A new report finds that many U.K. medical workers post confidential patient data on Facebook, underscoring the difficulty of balancing social media use with patient privacy, the London Telegraph reports.

  • Five steps to avoid an MU reporting glitch

    December 02, 2011
    Daily Briefing

    Request a complimentary copy of the research brief Don't Ignore GE's Reporting Glitch—What it Means to You and learn the five steps you need to take to prepare your organization for an audit.

Connect with The Advisory Board