opinion
Health care organizations learn to deal with data breaches
■ Connected coverage — selected articles on trends, challenges and controversies in the changing world of medicine.
Posted Aug. 26, 2013
Theft of patient data has increased in recent years as cyber crooks continue to find creative ways to steal financial and other information from medical records. The health care industry has sought to improve technological safeguards to avert data breaches. Such situations can have a huge financial impact, damage the reputation of the affected practices and other facilities, and create a hardship for patients.
American Medical News has covered how data breaches have affected health care, including how organizations are seeking to keep breaches from ever happening and putting liability coverage in place to lessen the pain when they do occur.
Data breach insurance goes mainstream in health care
Some health care organizations consider data breaches so costly that they are looking into insurance policies that cover such information thefts. The number of these thefts is climbing. A study from Experian and the Ponemon Institute found that companies across many sectors, including health care, are getting cyber or data breach insurance to lessen their financial risk. Seventy-seven percent of the surveyed health care organizations said cyber risk insurance is important.
Health data breaches usually aren’t accidents anymore
A report issued in July by data security firm ID Experts says personal health information is being targeted more than it was a decade ago. The increase in mobile devices is creating a new path for hackers to explore. But there is greater awareness about the risks of data breaches than there was 10 years ago, and various stakeholders are developing best practices to guard against medical identity theft and breaches.
Medical system largely unprepared for privacy breaches
Many health care organizations have not taken the right steps to stop breaches, according to a report published in April. Some of the reasons include limited resources, budgeting issues and a sense by some physician practices that they won’t be victims. Data security consultants say practices should have incident response plans in place that determine the cause and scope of a breach and enable reaching out to patients who are affected.