Personal data protection is a hot subject and many people attempt to protect their data, be that bank account details, national insurance, tax codes and so on. One thing that impacts people outside their sphere of influence is hospital data and medical records, since these are held by institutions. It is therefore concerning that such data, if the U.S. cases are representative, is vulnerable globally.
The new study comes from Michigan State University and it reviews just under 1,800 occurrences of large data breaches in patient information. These privacy and security issues took place over a seven-year period.
The lead researcher was Professor Xuefeng “John” Jiang and with the exercise the researcher examined data breaches occurring in range of health care facilities. These institutions included UC Davis Medical Center in California and the Henry Ford Hospital in Michigan. The data was drawn from U.S. Department of Health and Human Services records and the review period was 2009 to 2016. Such information is made available under the Health Insurance Portability and Accountability Act. This legislation requires that all breaches of data, that affect 500 or more people, must be reported within 60 days from the breach being identified.
In a research note, the medical scholar states: “Our findings underscore the critical need for increased data protection in the health care industry.”
He adds: “While the law requires health care professionals and systems to cross-share patient data, the more people who can access data, the less secure it is.”
Some of the key points discovered by Professor Jiang include:
Only 1,225 of the 1,798 recorded breaches were recorded by hospitals (in line with the Act). However, a sizeable number were not and instead these came via business associates, health plans and healthcare clearinghouses.
There were 257 breaches reported by 216 hospitals, indicating that some hospitals experienced more than one data breach.
The hospitals experiencing the largest data breaches were often large, major teaching hospitals.
These findings indicate that greater reforms in terms of cyber security are required within the hospital system. The research into large data breaches in the hospital sector has been published in the journal JAMA Internal Medicine. The study is titled “Hospital Risk of Data Breaches.”