Patient data remains unsafe, even at the largest hospitals

A study published in JAMA Internal Medicine found 1,798 large data breaches of patient data have occurred in the past seven years. The study further showed the need for improved security measures in healthcare systems nationwide.

Led by Xuefeng Jiang, Michigan State University associate professor of accounting, and colleagues from Johns Hopkins and Ball State universities, the study examined data from the Department of Health and Human Services from Oct. 2009 to Dec. 2016 on large healthcare systems including UC Davis Medical Center in California and Henry Ford Hospital in Michigan.

"Our findings underscore the critical need for increased data protection in the health care industry," said Jiang. "While the law requires health care professionals and systems to cross-share patient data, the more people who can access data, the less secure it is."

By law, hospitals covered by the Health Insurance Portability and Accountability Act (HIPAA) must report data breaches affected 500 or more patients within 60 days. Results showed that healthcare providers reported 1,225 of the 1,798 total breaches, leading the remainder to be reported by business associates, health plans and clearinghouses. A total of 257 breaches were reported by 2016 hospitals, with 33 large hospitals experiencing multiple breaches.

“A fundamental trade-off exists between data security and data access,” wrote Jiang and colleagues. “Broad access to health information, essential for hospitals’ quality improvement efforts and research and education needs, inevitably increases risks for data breaches and makes ‘zero breach’ an extremely challenging objective. The evolving landscape of breach activity, detection, management, and response requires hospitals to continuously evaluate their risks and apply best data security practices. Despite the call for good data hygiene, little evidence exists of the effectiveness of specific practices in hospitals. Identification of evidence-based effective data security practices should be made a research priority.”

""
Cara Livernois, News Writer

Cara joined TriMed Media in 2016 and is currently a Senior Writer for Clinical Innovation & Technology. Originating from Detroit, Michigan, she holds a Bachelors in Health Communications from Grand Valley State University.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”