Project will investigate patient health information breaches

Unlike cases involving financial data, little is known about the implications of lost information such as a diagnosis or medical history.

By Pamela Lewis Dolan — Posted April 13, 2011

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

Many studies have looked at the financial impact on a health care organization that has data such as patients' Social Security numbers and account information lost or stolen. But what is the effect on a patient who has sensitive health care information exposed? And what will those implications mean to the health care organizations charged with keeping that information private?

A recently formed collaboration plans to find out.

The American National Standards Institute and the Shared Assessments Programs have formed the ANSI/Shared Assessments PHI Project. The goal is to bring together a committee of professionals from across the health care spectrum to examine the impact of breached personal health information.

Data security companies, identity theft protection providers, research organizations, legal experts, standards developers and health care professionals will contribute to a report intended to help health care organizations understand how to protect such information and respond when it is breached.

The first step in learning how to protect health data is understanding exactly what is at risk, said Rick Kam, president and co-founder of the Portland, Ore.-based data breach management firm ID Experts and co-chair of the initiative. He added that the industry already knows the impact of a lost Social Security number.

"But what if a hospital loses your HIV diagnosis? What is the impact?" Kam asked. "There's a lot of anecdotal stories out there but nothing concrete."

The group plans to tackle the issue by dividing participants into five subcommittees. They will examine legal protections related to personal health information, where the risks of exposure are in the health care ecosystem and the financial impact to individuals whose health information is exposed. Surveys of organizations and possibly consumers will be conducted by another committee. A final committee will pull the information together and draft a report.

Kam expects the first phase of the work -- a report that details how health care organizations can calculate the financial impact of a breach -- within three months. "Then we'll see where we go," he said, adding there will be two or three phases before the effort is completed.

Most of the work will take place through conference calls. The committees are open to anyone. So far, about 150 people have signed up. Interested parties can send an email to join ([email protected]" target="_blank">link).

Back to top



Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story

Read story


American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story

Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story

Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story

Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story

Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story

Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story

Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story

  • Stay informed
  • Twitter
  • Facebook
  • RSS
  • LinkedIn