The report, Privacy and Security in Health Care: A Fresh Look, says that as the health care industry increasingly adopts electronic health records, clinical data warehousing, home monitoring, and telemedicine, the risks of patient data breaches are also increasing. This could lead to more medical fraud and identify theft.

Some of the reasons identified in the report for inadequate data protections by health care providers include lack of internal resources, poor internal controls over patient records, lack of upper management support for data security, outdated policies and procedures, and inadequate personnel training.

“The cost of a security breach can be damaging not only to a company’s bottom line, but also to the reputation of its brand,” said Russ Rudish, vice chairman of Deloitte. “As health care organizations adopt new technologies that leverage health information, it is also imperative that they conduct a senior management-led, board-approved audit of privacy and security risk, and plan to make enhancements in support of current policies, rules and regulations.”

The report recommends that the health care industry adopt a three-prong approach to improve data security: develop and implement appropriate data security controls to mitigate or avoid risk; adopt and implement policies, procedures, and training to mitigate or avoid risk; and verify organizational compliance with policies and standards.