Thursday, December 1, 2011

Alarming Rise in Healthcare Data Breaches

We need to be guarding our backside with health data...

A new "Benchmark Study on Patient Privacy and Data Security," conducted by the Ponemon Institute and sponsored by ID Experts, found that health data breaches are rising rapidly. The rise is contributing in part to medical identity theft, which is costing the healthcare industry billions annually. From 2010 to 2011 the frequency of data breaches in health care organizations increased by 32 percent, with hospitals and health care providers averaging four data breaches per organization, according to the study.

The three leading causes of data breaches in health care were lost or stolen equipment, errors by third parties, and employee mistakes. Third-party mistakes, including those by business associates, account for 46 percent of data breaches reported in the study. However, according to 41 percent of respondents, sloppy mistakes by employees have led to many data breach increases. Unintentional employee negligence was the primary cause of data breaches, due in part to increased use of mobile devices by employees.

[Figure: Nature or root causes of the data breach incident (more than one choice permitted)]

More than 80 percent of health care organizations use mobile devices that collect, store, and transmit some form of personal health information, yet half of all respondents to the study reported that measures were not taken to protect these devices. Securing health information on mobile devices is a new frontier for many organizations.

According to the research, 55 percent of health care organizations say they have little or no confidence they are able to detect all privacy incidents. In fact, 61 percent of organizations are not confident they know where their patient data is physically located. Only 22 percent of organizations say their budgets are sufficient to minimize data breaches. 83 percent of hospitals have clearly written policies and procedures to notify authorities of a data breach, but 57 percent don’t believe their policies are effective.

“Health care data breaches are an epidemic,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “These problems are a direct result of our national economy. Healthcare organizations — especially not-for-profit hospitals and small clinics — have thin margins, are trimming staff and resources and are lacking sufficient security and privacy budgets needed to adequately protect patients. I don’t see this getting better anytime soon.”

“Hospital employees are exposing patient data like the back of a hospital gown,” said Rick Kam, president and co-founder of ID Experts based in Portland, Oregon. “Identity theft and medical identity theft resulting from data breach exposure are commonplace, causing patients financial harm, frustration and embarrassment. Hospitals must vaccinate against data breach risks in order to take better care of patients and their data.”