The Ponemon Institute published its annual report on data breaches at hospitals across America. The findings are alarming and continue to reflect a lack of attention, resources, and funding for safeguarding patient information. At some point, hospital administrators will make protecting patient information second on the list, just below patient outcome. Here are some of the findings:
• The average economic impact of a data breach over the past two years for the healthcare organizations represented in this study is $2.4 million. This is an increase of almost $400,000 since the study was first conducted in 2010.
• The average number of lost or stolen records per breach is 2,769. The types of patient data lost or stolen most often are medical files and billing and insurance records.
• The top three causes for a data breach are: lost or stolen computing devices, employee mistakes and third-party snafus.
• Fifty-two percent discovered the data breach as a result of an audit or assessment, followed by employees detecting the breach (47 percent).
• More than half (54 percent) of organizations have little or no confidence that they are able to detect all patient data loss or theft.
Employee training and security risk assessments are the best ways to raise awareness, address vulnerabilities and comply with HIPAA regulations. However, only 48% of the institutions do this annually. One would think the $2.4 million average breach figure would motivate annual training and security risk assessments.