HIPAA Data Breaches Result in Hit to Patient Loyalty and High Costs

October 24, 2013

Another case of stolen, unencrypted laptops has compromised the health data of 729k patients – affecting Medicare patients across six different California hospitals within the AHMC Healthcare Inc. system. Two laptops were stolen from an office with physical security in place. According to AHMC, the office was gated and patrolled by security officers, as well as video-monitored.

The protected health information (PHI) included names, ID numbers, diagnosis/procedure codes and insurance/patient payments. This incident highlights the importance of not only physical security but also technical security, particularly encryption. While encryption is viewed as an addressable standard (meaning: optional), it’s really considered a best practice, particularly in the healthcare industry.

Encryption can be a challenge to implement, especially at the software level, but using a HIPAA cloud solution with hardware-based encryption is one way to protect data at rest. Watch our data encryption video, Challenges to Encrypting Data, which explains the many challenges of encrypting data and the best practices of data security.

The effects of a data breach can be costly, and a new survey shows that two-thirds of U.S. adults refuse to return to a business if their personal information was stolen. Conducted by Harris Interactive and Cintas, the survey asked respondents which types of organizations they would stop doing business with in the event their data was compromised: banking, healthcare and lawyers were the top contenders. Forty percent said they would get a new doctor, while 35 percent said they wouldn’t return to their hospital.

This doesn’t bode well for hospitals and healthcare systems that don’t encrypt their data and take other security risks. Compliance doesn’t always equate with security, so conducting a thorough risk assessment could help find vulnerabilities and prevent a potential loss of consumer loyalty in the future. For a primer on the technical aspects, read our HIPAA FAQ or download our HIPAA compliant hosting white paper.

Not only does a healthcare organization lose out on patient loyalty, but the per capita cost of a data breach is also 71 percent higher for healthcare than the average across all industries; read more in the article 2013 Healthcare Data Breaches Cost 71% More Than The Average Data Breach.