Health data breaches are on the rise

Large-scale health data breaches have been steadily increasing, according a study by Kaiser Permanente published in the Journal of the American Medical Association.

Researchers reviewed data from the Department of Health and Human Services' database of breaches of unencrypted health data reported by entities subject to HIPAA. The breaches included those affecting at least 500 people in which the data could be linked back to individual patients.

Between 2010 and 2013, nearly 1,000 large data breaches that affected more than 29 million individual health records were reported. More than half resulted from the loss or theft of laptops, paper records and thumb drives, and most involved individuals' EHRs.

Overall, the annual number of large breaches increased from 214 in 2010 to 236 in 2011, 234 in 2012 and 265 in 2013.

The percentage of breaches attributed to hacking more than doubled during the three-year period, accounting for about 12 percent of incidents in 2010 and 27 percent in 2013. However, such incidents comprised less than one-third of all large-scale reported breaches.

The researchers said the number of electronic data breaches likely will continue to increase as the use of EHRs rapidly expands, along with increased adoption of cloud-based analytics services; gene sequencing; personal health records; and other health-related technology.

The researchers recommended healthcare organizations and lawmakers take action to increase staff training and bolster security measures to increase security.

JAMA published an accompanying editorial authored by president of The Commonwealth Fund David Blumenthal who wrote, "The personal health information of patients in the United States is not safe, and it needs to be." Healthcare organizations need to correct inadequate security practices such as failing to encrypt data and staff carrying unprotected devices outside of healthcare facilities, he added.