Study: Data Breaches Cost U.S. Hospitals Billions

A new study by the Ponemon Institute concluded that data breaches cause enormous losses for U.S. hospitals: on average, over a two-year period, each hospital will incur about $2 million in losses due to data breaches, which results in a $12 billion cumulative loss for all U.S. hospitals.

The study also found that:

  • Most healthcare organizations experience undetected breaches of patient data due to lack of preparation and staffing. 71% of healthcare organizations reported having inadequate resources, 52% reported having appropriately trained personnel, and 69% reported having insufficient policies and procedures in place to prevent and quickly detect patient data loss, leaving such organizations with little or no confidence in their ability to appropriately secure patient records.
  • Protecting patient data is not a priority for 70% of hospitals, with 67% reporting having fewer than 2 staffers dedicated to privacy and security issues.
  • 71% do not believe the new federal regulations pursuant to the HITECH Act have significantly changed the management practices of patient records.

According to the Wall Street Journal's Health Blog:

  • A full 60% of the organizations included in the study had more than two data breaches over the previous two years, at a cost of $2 million per organization.
  • The average breach involved 1,769 lost or stolen records.
  • Senior personnel at the organizations surveyed felt unprepared to prevent or quickly detect breaches. Some 58% of the organizations “have little or no confidence” in the ability of their organization to detect all patient data loss or theft.
  • Patients were the first to detect data breaches, report 41% of the organizations.
  • Most of the respondents have either put in place an electronic medical records system or are in the process of doing so. And 74% of those with an EHR system say it has made data more secure. Another 12% said the system made no difference in security, 10% say it made data less secure and 4% were unsure.

You can read the full study by registering here.

"Study: Data Breaches Cost Hospitals $6 Billion Per Year," WSJ Health Blog (November 9, 2010).

 

Obama administration announces $975M in HIT grants

HHS Secretary Kathleen Sebelius, appearing with Labor Secretary Hilda Solis, announced the Obama administration will release almost $1 billion set aside in the stimulus bill in order to aid implementation of health information technology.

Secretary Sebelius announced $386 million in grants to advance widespread adoption of EHRs at the state level, including for health information exchanges (HIEs). HHS also awarded $375 million to 32 nonprofits for Regional Extension Centers, which assist providers in updating their medical record systems and train workers on such new technologies.

Secretary Solis announced around $225 million to support 55 job-training programs in 30 states, which are expected to train around 15,000 people in health records technology.

The Obama administration expects to help more than 100,000 health-care providers set up electronic medical records for their patients by 2014.

According to the Wall Street Journal's Washington Wire blog:

“Patient privacy is the top priority,” Health and Human Services Secretary Kathleen Sebelius said. The agency is about to appoint a chief privacy officer, and the government has strengthen [sic] the penalties for negligent security breaches for companies so they reach up to $1 million.

"Electronic Medical Records get a boost," Washington Wire (February 12, 2010).

"Obama awards money for electronic medical records," Associated Press (February 13, 2010).