An overwhelming majority of healthcare providers—96 percent—admit that they have lost patients’ medical data in the last two years, according to a newly released study. And the number of medical data breaches surged 32 percent in 2011, a worrisome trend as the healthcare industry pushes to digitize all medical records.
According to the study, published by the Ponemon Institute, which studies data and privacy, the 72 healthcare organizations surveyed suffered an average of four data breaches over the last year. About 30 percent of those breaches already have led to identity theft, respondents said.
“Our study found that the number of data breaches among healthcare organizations . . . is still growing—eroding patient privacy and contributing to medical identity theft,” according to the report.
Half of all data breaches reported happened because the institutions lost computing devices that contained patient records. Perhaps not coincidentally, about half of all respondents “admit their organizations do nothing to protect these devices,” the report found. “Widespread use of mobile devices is putting patient data at risk.”
[Consumer Resource: Worried about identity theft? Find out if you're at risk with Credit.com's Free Credit Report Card.]
Many healthcare workers don’t believe their employers are doing enough to safeguard patient information. Only 29 percent of survey participants said that their organizations treat data breach prevention as a priority, even though 90 percent agreed that breaches harm patients.
Nevertheless, most patients whose data is lost or stolen are left to defend themselves. Only 35 percent of respondents said their employers offer identity theft protection to affected patients.
What’s more, the breaches themselves appear to be getting more serious. The average number of patient records stolen or lost in each breach rose from 1,769 last year to 2,575 in 2011. Each breach cost the healthcare institution about $2.2 million, an increase of $200,000 since 2010.
And healthcare companies may not even know the true extent of the problem. Most respondents—57 percent—say they have “little or no confidence that their organization could detect all patient data loss or theft.”
[Featured Products: Research and compare Identity theft protection plans at Credit.com]
Image: cliff1066™, via Flickr.com