Patient data protection not a top priority
Hospitals report too few resources to be effective
Data breaches cost health care organizations more than $6 billion annually, and 71% of the respondents to a study released by the Ponemon Institute say they do not have enough resources to prevent or to quickly detect a loss of patient data.1
The study surveyed 65 hospitals in the 100- to 600-bed range, with researchers interviewing an average of 3.25 senior-level personnel in each organization.
Study findings include the following:
The majority of responding organizations have fewer than two staff members dedicated to data protection management (67%).
Hospitals say that protecting patient data is not a top priority (70%).
Most at risk are patient billing information and medical records.
Patients are typically first to detect a significant number of breaches at health care organizations (41%).
60% of organizations had more than two data breaches in the past two years. The average number for each participating organization was 2.4 data breach incidents.
The average number of lost or stolen records per breach was 1,769. A significant percentage of organizations either did not notify any patients (38%) or notified everyone (34%) that their information was lost or stolen.
The top three causes of a data breach are: unintentional employee action, lost or stolen computing devices, and third-party mistake.
41% discovered the data breach as a result of a patient complaint.
More than half (58%) of organizations have little or no confidence that their organization has the ability to detect all patient data loss or theft.
63% of organizations say it took them between one and six months to resolve the incident.
56% of respondents have either fully implemented or are in the process of implementing an EHR system. The majority (74%) of those who have an EHR system say it has made patient data more secure.
1. Ponemon Institute, Benchmark Study on Patient Privacy and Data Security 2010. Traverse City, MI.