Ponemon Institute has released their study findings on hospitals and patient privacy, and the results seem to confirm my fears from a few months ago when I looked at the cost of data breaches. The wake-up call comes straight from the study intro:
Our study found that the number of data breaches among healthcare organizations participating in the 2010 and 2011 studies is still growing—eroding patient privacy and contributing to medical identity theft. On average, it is estimated that data breaches cost benchmarked organizations $2,243,700. This represents an increase of $183,526 from the 2010 study despite healthcare organizations’ increased compliance with federal regulations.
Other highlights include:
- data breaches are up by 32 percent
- costs to healthcare industry: $6.5 billion (enough to hire 81,250 registered nurses nationwide)
- causes: widespread use of unsecured mobile devices, employee mistakes, procedures not being followed
- patients’ privacy coming in last; medical identity theft up
- data breaches likely to increase given lack of resources at hospitals
The good news is that healthcare organizations have improved by having more trained and knowledgeable staff and better policies and governance. This has likely contributed to the decrease from 41% to 35% in respondents who say data breaches are discovered by patients.
It really is time for consumers, policy makers and providers to pay attention before we find ourselves having to give up ground on the progress we have made to date. If you are interested in my thoughts about managing the risks of mobile devices, you should read my recent post on Tablets in Healthcare.