Hospital Data Breaches Cost $6 Billion Annually

Tuesday, November 16, 2010

Bill Gerneglia


Article by Mark Henricks

Data breaches of patient information cost healthcare organizations nearly $6 billion annually, according to a new study.

The Benchmark Study on Patient Privacy and Data Security also said hospitals place a low priority on protecting patient data, that "enormous vulnerabilities" exist and that many breaches go undetected.

The study was based on interviews with 211 senior-level managers at 65 healthcare organizations conducted for the Ponemon Institute, a privacy and information management research firm, and ID Experts, a data breach solutions vendor.

In a statement, the firms noted that the HITECH Act in 2009 expanded HIPAA privacy and security protections and required healthcare organizations to notify patients when their information is breached.

"At this point one would hope to see that healthcare organizations have improved information security practices and come into compliance with HITECH, now that it's been more than one year since it was enacted," said Dr. Larry Ponemon, the institute's chairman and founder. "Instead we found enormous vulnerabilities."

Among problems were inadequate resources (71 percent) and insufficient policies and procedures (69 percent). Seventy percent of hospitals indicated that protecting patient data is not a top priority and 67 percent had fewer than two staff dedicated to data protection management.

Rick Kam, president and co-founder of ID Experts, said, "Unfortunately, in healthcare organizations, patient revenue trumps risk management."

The report found each data breach costs $2 million per organization over a two-year period.

The cost was based in part on the lifetime value of a lost patient, which was set at $107,580. The average organization had 2.4 data breach incidents over the past two years, surveyors found.

Major factors causing data breaches are unintentional employee action, lost or stolen computing devices and third-party error. Patient billing (35 percent) and medical records (26 percent) are most susceptible to data loss or theft.

Cross-posted by CIOZone

Pamela Dixon

Healthcare providers have been required to report data breaches of 500 medical records or more since September 2009. The number of reported breaches is now up to 19%, rising 6% from 2009 to 2010 (HIMSS Analytics). The cost of a breach can be daunting. The Ponemon Institute surveyed executives at 67 healthcare organizations about data breaches over the last two years. Overall, data leaks cost U.S. hospitals $6 billion a year. That translates to about $1 million per hospital per year; add to that the lifetime value of a lost patient, $108,000, and possibly your career.

Everything I read about data breaches and the challenge of successful EHR deployments cites lack of resources.

Considering the cost of failure, investing in the right resources to achieve these strategic objectives is critical.

Pamela Dixon
Managing Partner
healthcare. technology. leadership.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
