Skip to content

Quick Note: More on Health Care Data Security

February 5, 2012

Today’s Quick Note covers a post titled “Health data breaches up 97 percent in 2011” on The post, by Diana Manos, tells us that “Health data breaches in the U.S. increased 97 percent in 2011 over the year before, according to a new report by Redspin, a leading provider of IT security assessments.”  [all italics are added by me, and denote a quote from the original post or article]

Manos’ article is brief, but comprehensive, and easy to process. She covers several key aspects of the topic. The chief topic of conversation is the reason for the “widespread and accelerating” nature of the problem. Manos relies on Redspin again for an analysis of the causes:

Redspin cites the increasing concentration of protected health information (PHI) on unencrypted portable devices (laptops, media) and the lack of sufficient oversight of PHI disclosed to hospital “business associates” as the main reasons for the increase.

For my part, I tend to think Redspin’s take is correct, although I believe it is likely that breaches are more likely to reported today than they were in 2009 or 2010. Part of this reason is the greater emphasis on mandatory reporting driven by HITECH legislation. Covered entities are simply more likely to understand what they need to do to be compliant.

Manos also keys in another causal aspect of the growing breach issue. It seems that hackers are increasingly seeking out medical information for its economic value. Manos tells us that “Malicious attacks (theft, hacking, and insider incidents) continue to cause 60 percent of all breaches due to the economic value of a personal health record sold on the black market and for medical ID theft used to commit Medicare fraud, the study found.” Manos goes on to explain a related issue, namely that loss of security over electronic health information may hinder adoption of electronic health record initiatives, which are considered a crucial stepping stone to enhanced medical care:

“Information security breach is the Achilles’ heel of PHI,” Berger said. “Without further protective measures, data breaches will continue to increase and could derail the implementation, adoption and usage of electronic health records.”

The author also provides us with a link to the report created by Redsping: “A full copy of Redspin’s “Breach Report 2011, Protected Health Information” can be found here.

This is another fairly good article covering issues in current Health Care IT topics. I recommend the article, and suggest visiting these other recent Notes if you have an interest in this area:

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: