A new study by the Ponemon Institute concluded that data breaches cause enormous losses for U.S. hospitals: on average, over a two-year period, each hospital will incur about $2 million in losses due to data breaches, which results in $12 billion cumulative loss for all U.S. hospitals.
The study also found that:
- Most healthcare organizations experience undetected breaches of patient data due to lack of preparation and staffing. 71% of healthcare organizations reported having inadequate resources, 52% reported having appropriately trained personnel, and 69% reported having insufficient policies and procedures in place to prevent and quickly detect patient data loss; thus leaving such organizations with little or no confidence in their ability to appropriately secure patient records.
- Protecting patient data is not a priority for 70% of hospitals, with 67% reporting having less than 2 staffers dedicated to privacy and security issues.
- 71% do not believe the new federal regulations pursuant to the HITECH Act have significantly changed the management practices of patient records.
According to the Wall Street Journal's Health Blog:
- A full 60% of the organizations included in the study had more than two data breaches over the previous two years, at a cost of $2 million per organization.
- The average breach involved 1,769 lost or stolen records.
- Senior personnel at the organizations surveyed felt unprepared to prevent or quickly detect breaches. Some 58% of the organizations “have little or no confidence” in the ability of their organization to detect all patient data loss or theft.
- Patients were the first to detect data breaches, report 41% of the organizations.
- Most of the respondents have either put in place an electronic medical records system or are in the process of doing so. And 74% of those with an EHR system say it has made data more secure. Another 12% said the system made no difference in security, 10% say it made data less secure and 4% were unsure.
You can read the full study by registering here.
"Study: Data Breaches Cost Hospitals $6 Billion Per Year," WSJ Health Blog (November 9, 2010).