Patient data breaches cost hospitals $6 billion per year

09 November 2010

Data breaches of patient information cost healthcare organizations nearly $6bn per year, a study by the Ponemon Institute disclosed.

The impact of a data breach over a two-year period was $2 million per organization, and the lifetime value of lost data on a patient was $107,580, according to the Benchmark Study on Patient Privacy and Data Security prepared by the Ponemon Institute and ID Experts. The study surveyed executives at 65 healthcare organizations.

The average healthcare organization had 2.4 data breach incidents over the two-year period of the study. Factors causing data breaches were unintentional employee action, lost or stolen computing devices, and third-party error. Patient billing and medical record keeping were identified as the most susceptible to data loss or theft.

Despite the high price tag, 70% of healthcare organizations said that protecting patient data was a low priority; 67% of organizations said they had fewer than two staff members dedicated to data protection management.

A majority of healthcare organizations said they had little confidence in their ability to secure patient records. According to the study, 71% of healthcare organizations had inadequate resources to protect patient data, and 69% said that there were insufficient policies and procedures in place to prevent and detect patient data loss.

The top risks that patients faced when data was lost or stolen included public exposure or embarrassment, financial identity theft, and medical identity theft, according to the survey.

"Our research shows that the healthcare industry is struggling to protect sensitive medical information, putting patients at risk of medical identity fraud and costing hospitals and other healthcare services companies millions in annual breach-related costs", said Larry Ponemon, chairman and founder of the Ponemon Institute.

"At this point one would hope to see that healthcare organizations have improved information security practices and come into compliance with HITECH [Health Information Technology for Economic and Clinical Health], now that it's been more than one year since it was enacted. Instead we found enormous vulnerabilities. The protection of patient data should be at the forefront of their efforts."

A full 71% of respondents did not believe the HITECH Act regulations had significantly changed the management practices of patient records. The findings also indicated that there were a significant number of data breaches that went undetected.

"We talk with healthcare compliance people dealing with data breach risks every day and they just can't get their arms around the problem of data exposure", said Rick Kam, president and co-founder of ID Experts. "Unfortunately, in healthcare organizations, patient revenue trumps risk management."

This article is featured in:
Compliance and Policy  • Data Loss

 
