Hospitals put your data at risk, study finds

Lying in a hospital bed, the last thing you should have to worry about is a personal data breach. Yet recent research co-authored by a Michigan State University business scholar found nearly 1,800 occurrences of large data breaches in patient information over a seven-year period.

The study, by Xuefeng "John" Jiang, MSU associate professor of accounting, and colleagues from Johns Hopkins and Ball State universities, is published in JAMA Internal Medicine. The data breaches occurred in facilities ranging from UC Davis Medical Center in California to Henry Ford Hospital in Michigan.

"Our findings underscore the critical need for increased data protection in the health care industry," Jiang said. "While the law requires and systems to cross-share patient data, the more people who can access data, the less secure it is."

The researchers examined Department of Health and Human Services data for the period October 2009-December 2016. By law, hospitals covered by the Health Insurance Portability and Accountability Act, or HIPPA, must notify HHS of any affecting 500 or more individuals within 60 days from the discovery of the breach.

What they found was alarming:

  • Healthcare providers reported 1,225 of the 1,798 recorded breaches, while business associates, plans and healthcare clearinghouses reported the rest.
  • 257 breaches reported by 216 hospitals.
  • 33 hospitals experienced more than one breach - many of which are large, major teaching hospitals.

This research reinforces the critical trade-off patients face: healthcare systems having access to information they need, versus a hacker planning to spend your savings at Best Buy.


Explore further

Repeat data breaches among health care orgs down

Journal information: JAMA Internal Medicine

Citation: Hospitals put your data at risk, study finds (2017, April 6) retrieved 15 October 2019 from https://medicalxpress.com/news/2017-04-hospitals.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
0 shares

Feedback to editors

User comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more