Study: Patient data breaches cost healthcare orgs $6B annually

Jeff Byers | | Health Imaging | Artificial Intelligence
Data breaches of patient information cost healthcare organizations in the U.S. nearly $6 billion annually, and many breaches go undetected, according to a released report from privacy and information management research firm Ponemon Institute.

Sixty-five organizations participated in the survey, which was sponsored by Portland, Ore.-based ID Experts. The research asserted that protecting patient data is a low priority for hospitals and that organizations have little confidence in their ability to secure patient records.

The impact of a data breach over a two-year period is approximately $2 million per organization and the lifetime value of a lost patient is $107,580, according to Ponemon, of Traverse City, Mich. The average organization had 2.4 data breach incidents over the past two years. Major factors causing data breaches are unintentional employee action, lost or stolen computing devices and third-party error, the firm stated.

In addition, 58 percent of organizations reported having little or no confidence in their ability to appropriately secure patient records. Seventy-one percent of respondents have inadequate resources and 69 percent said they have insufficient policies and procedures in place to prevent and quickly detect patient data loss, the researchers found.

Seventy percent of responding hospitals stated that protecting patient data is not a top priority. Patient billing (35 percent) and medical records (26 percent) are the most susceptible to data loss or theft, the report stated, while a majority of organizations have less than two staff dedicated to data protection management (67 percent).

“HITECH has exposed the healthcare industry's lax data protection practices rather than improved the safety of patient records,” the report concluded. “The majority (71 percent) of respondents do not believe the HITECH Act regulations have significantly changed the management practices of patient records. The findings indicate that there are a significant number of data breaches that go undetected, and therefore unreported.”

The study acknowledged that because the sample size is small, "the ability to generalize findings about organizational size, organizational type and program maturity is limited. Great care should be exercised before attempting to generalize these findings to the population of all healthcare providers."

Jeff Byers

Related Content

Experts highlight 'significant concerns' with fluctuating accuracy of popular large language models
FDA clears AI screening tool for cardiac amyloidosis
Are providers too trusting of AI's advice?
Pairing an alert system with CAD software halves time-to-treatment for pneumothorax
Deep learning reconstruction cuts radiation and contrast dose by half in aortic CTA exams
New study highlights the need to include more challenging datasets in AI training

Around the web

Cardiovascular Business
Positron partners with Upbeat Cardiology Solutions to improve cardiac PET/CT access

Positron, a New York-based nuclear imaging company, will now provide Upbeat Cardiology Solutions with advanced PET/CT systems and services. 

Cardiovascular Business
Global shortage of nuclear imaging isotopes may be over

The nuclear imaging isotope shortage of molybdenum-99 may be over now that the sidelined reactor is restarting. ASNC's president says PET and new SPECT technologies helped cardiac imaging labs better weather the storm.

Cardiovascular Business
‘A huge win’: CMS significantly increases Medicare payments for cardiac CT

CMS has more than doubled the CCTA payment rate from $175 to $357.13. The move, expected to have a significant impact on the utilization of cardiac CT, received immediate praise from imaging specialists.