Resource:
Third Annual Benchmark Study on Patient Privacy & Data Security
Despite increased compliance with HIPAA and the HITECH Act, health care data breaches are on the rise - eroding patient privacy, contributing to medical identity theft and costing the health care industry billions annually.
Introduction
Health care organizations seem to face an uphill battle in their efforts to stop and reduce the loss or theft of protected health information (PHI) or patient information. As is revealed in the Third Annual Benchmark Study on Patient Privacy and Data Security, many health care organizations struggle with a lack of technologies, resources and trained personnel to deal with privacy and data security risks.
The consequence of not having adequate funding, solutions and expertise in place is clear. Since first conducting this study in 2010 the percentage of health care organizations reporting a data breach has increased and not declined. Further, there are more reports of multiple breaches and only 40 percent of organizations in this study have confidence that they are able to prevent or quickly detect all patient data loss or theft.
Since 2010 the threats to health care organizations have become increasingly more difficult to control. Technologies that promise greater productivity and convenience such as mobile devices, file-sharing applications and cloud-based services are difficult to secure. Employee mistakes and negligence also continue to be a significant cause of data breach incidents. Another worry presented in this research is that sophisticated and stealthy attacks by criminals have been steadily increasing since 2010.
The price tag for dealing with these breaches can be staggering. While the cost can range from $10,000 to more than $1 million, we calculate that the average cost for the organizations represented in this benchmark study is $2.4 million over a two-year period. This is up slightly from $2.2 million in 2011 and $2.1 million in 2010.
The types of health care organizations participating in the study are hospitals or clinics that are part of a hea lth care network (46 percent), integrated delivery systems (36 percent) and standalone hospital or clinic (18 percent). This year 80 health care organizations participated in this benchmark research and 324 interviews were conducted1. Respondents interviewed work in all areas of the organization: security, administrative, privacy, compliance, finance and clinical.
Download the report to read more.
