Patient data protection not a top priority

Hospitals report too few resources to be effective

Data breaches cost health care organizations more than $6 billion annually, and 71% of the respondents to a study released by the Ponemon Institute say they do not have enough resources to prevent or to quickly detect a loss of patient data.1

The study surveyed 65 hospitals in the 100- to 600-bed range, with researchers interviewing an average of 3.25 senior-level personnel in each organization.

Study findings include the following:

• The majority of responding organizations have less than two staff dedicated to data protection management (67%).

• Hospitals say that protecting patient data is not a top priority (70%).

• Most at risk is patient billing information and medical records.

• Patients are typically first to detect a significant number of breaches at health care organizations (41%).

• 60% of organizations had more than two data breaches in the past two years. The average number for each participating organization was 2.4 data breach incidents.

• The average number of lost or stolen records per breach was 1,769. A significant percentage of organizations either did not notify any patients (38% or notified everyone [34%]) that their information was lost or stolen.

• The top three causes of a data breach are: unintentional employee action, lost or stolen computing devices, and third-party mistake.

• 41% discovered the data breach as a result of a patient complaint.

• More than half (58%) of organizations have little or no confidence that their organization has the ability to detect all patient data loss or theft.

• 63% of organizations say it took them between one to six months to resolve the incident.

• 56% of respondents have either fully implemented or are in the process of implementing an EHR system. The majority (74%) of those who have an EHR system say it has made patient data more secure.


1. Poneman Institute, Benchmark Study on Patient Privacy and Data Security 2010. Traverse City, MI.