Data breaches have been all over the headlines recently. This disturbing trend is prevalent in the health care industry, where confidential patient information is a frequent target. Just how widespread is the problem? According to a study published a few weeks ago in JAMA, between 2010 and 2017, more than 176 million confidential health records were breached. This figure includes 37.1 million that were controlled by health care providers. Clearly, data security must be shored up in order to remain compliant under the 1999 Health Insurance Portability and Accountability Act (HIPAA).
Data Breaches Categorized
Health care providers aren’t the only ones in the industry who have suffered large-scale data breaches. For the JAMA study, researchers broke data breaches into three separate categories based upon the organization handling the records: health care providers, health plans, and business associates, a group that includes claims processors and others who do not provide or pay for care but have access to HIPAA-protected health records. While data breaches of records controlled by providers during this period rose sharply, the increase was less substantial for health plans, and actually declined for business associates.
70 percent of the incidents were attributed to health care providers. However, providers hold a smaller percentage of overall patient records (21 percent of total breaches). Conversely, while health plans were responsible for 13 percent of breaches, the number of affected records they were responsible for totaled 63 percent.
Regardless of the statistical breakdown, data security is a crucial issue for the health care industry. It’s interesting to note that at the outset of the study, in 2010, most breaches involved laptop, paper, or film records; by 2017, the focus had shifted to network servers and emails. The largest share of data breaches, 79 percent, is comprised of records breached via network servers. Server data will remain susceptible as hackers continue to make inroads.
David Blumenthal, M.D., the national coordinator for Health Information Technology from 2009-2011, acknowledges the problem. “The personal health information of patients in the United States is not safe,” he states. “Threats to the safety of healthcare data need much more focused attention than they have received in the past from both public and private stakeholders.”
Unfortunately, the JAMA study does not offer solutions to this problem, but continued vigilance and a strong commitment toward protecting patient health care records should be an ongoing priority in any health care setting.