Health Care Data Breach Nightmare Ahead

By CIOinsight  |  Posted 11-10-2010

As hospitals look to cash in on government incentives for meaningful use of electronic health records starting in 2011, they're leaving themselves vulnerable to collective losses of $6 billion a year due to data breaches, according to estimates in a benchmark study by the Ponemon Institute privacy and data-management research firm.

The survey was sponsored by ID Experts, a security consulting firm and maker of RADAR (Risk Assessment, Documentation and Reporting), a cloud-based risk-management program.

For the study, Ponemon Institute interviewed 211 senior-level managers at 65 health care organizations. Of the health care facilities surveyed, 69 percent had insufficient policies and procedures to thwart a data breach and detect the loss of patient data. In addition, 70 percent of hospitals did not find protecting patient data a priority.

When asked to identify the risks that patients face from data breaches, 61 percent of respondents said public exposure or embarrassment; 56 percent mentioned financial identity theft; and 45 percent cited medical identity theft.

Costs of a healthcare data breach are estimated based on expenses such as notification of appropriate government authorities and media, as well as the expense of defending any resulting litigation. Data breaches can result in an estimated $107,580 in revenue losses from patients choosing other facilities for the rest of their lives, according to the report.

For more, read the eWeek article Data Breaches Cost Health Care Industry 6 Billion Annually: Report.