The Deloitte Center for Health Solutions has issued a new brief on Privacy and Security in Health Care. The brief gives a primer on the privacy and security risks in the sector and on how to be prepared.
As we know from recent research, 4.9 million patients had their protected health information (PHI) compromised as a result of 166 data breaches between September 2009 and 2010. That number is now closer to 7 million patients.
In the 7 years following the Health Information Technology for Economic and Clinical Health (HITECH) Act, the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) has investigated and resolved over 11,000 HIPAA violations.
The Deloitte brief breaks down the HHS-reported data on breaches, showing that the majority of breaches are by health care providers (71%) and that theft and loss are the leading causes of breaches. Laptops, paper records and film, and desktop computers are the leading locations for breached information. The brief also reviews many security studies, outlining their key findings and the implications of those findings for different industry sectors.
The total economic burden created by data breaches in the health care industry is nearly $6 billion annually. The impact of a data breach over a two-year period is approximately $2 million per organization, and the lifetime value of a lost patient is $107,580.
Of course, there is an economic and emotional impact to patients from breaches in the health care industry as well. In health care, approximately one third of data breaches result in medical identity theft.