Medical Data Breaches Rise 32 Percent Each Year

Thu, 06/06/2013

Recent studies have shown, that the cost of data breaches to healthcare organizations has risen from $180K to over $2.2M since 2010.  The number of breaches has also been increasing on average by approximately 32% year after year.  This equates to a loss of $6.5 billion per year industry wide.

Ironically, the majority of these breaches were not caused be sophisticated computer hackers, but rather were a result of employee neglect.  The loss of IT devises and discarding of PHI via unsecure methods were huge contributors.  Poor security measures of both storing and discarding critical PHI data was a significant reason for the increase.  To add insult to injury, 83% of hospitals reported that it takes their organization one to two months after an occurrence to notify their patients of a breach.  Enough time for thieves to wreak serious harm to ones credit.

Here are some statistics of data breaches consequences within the healthcare industry:

  • 81% Diminished productivity
  • 78% Reputation diminishment
  • 75% Loss of community trust
  • Patient Churn: Loss of approx. $113K per patient

Although investing in proper HIPPA compliant policies and procedures can be costly and time consuming, the results far outweigh the losses of data violations.  Those organizations who do not implement such practices are at risk of non-compliance and can face significant financial loss in addition to serious consequences which can negatively impact their business survival.

What can healthcare organizations do to help prevent loss?

Limit Personnel Access

The area where critical paper documents are stored must be secure on many levels and access should be limited to only those who truly need the information and have been screened and verified for retrieval.  PIN pad processors or swipe card readers can greatly improve the security measures of records storage.

Move Records Off-site

Rather than installing and maintaining costly security monitoring devices, storing documents off-site at security storage centers can be a cost-effective and safe method of retention.  When choosing a storage facility, it’s important to investigate a company’s reputation and security protocol.  Who has access to the documents?  How are documents destroyed upon your request?  It the chain of custody secure? Etc.

Securely Destroy Unneeded Documents

After a document has run its course, it must be properly destroyed rendering the data irretrievable.  Knowing who is responsible for handling, transporting and destroying the documents is critical to avoiding the potential disaster of a data breach.  Having a secure certified, insured and bonded document shredding service provider handle the work is not only advisable, but should be considered mandatory.  When it comes to stacks and stacks of paper to destroy, using that office machine will quickly become child’s play in no time.