Research from Michigan State University has discovered that the biggest source of data breaches arises due to internal issues with healthcare and medical providers, in contrast to the activities of hackers or other external parties.
The researchers were studying the datasets that fall under ‘personal health information‘. This refers to demographic information, medical histories, plus test and laboratory results. Other related data includes mental health conditions, insurance information, and anything else that a healthcare professional collects to identify an individual and to make an assessment.
Under the U.S. Health Insurance Portability and Accountability Act healthcare data includes eighteen identifiers that are supposed to be treated with special care. This includes names, geographical information, contact details, social Security numbers, biometric identifiers, such as finger, retinal and voice prints, and full face photographic images. According to protocol, such data should be subject to a process of ‘de-identification’ before release.
The high level of healthcare data that is lost also signifies just how much data is collected by the healthcare system. Data is used, as examples, to help to develop new apps and products; to assess efficiencies, as with the hospital system; and sold to pharmaceutical companies to assess with new drug development.
According to lead researcher Dr. John (Xuefeng) Jiang: “There’s no perfect way to store information, but more than half of the cases we reviewed were not triggered by external factors — but rather by internal negligence.”
The study reveals almost 1,800 occurrences of large data breaches in patient information over a seven-year period, with 33 hospitals experiencing more than one substantial breach. It was found that 53 percent were the result of internal factors in healthcare entities.
The results indicate that healthcare facilities need to undertake drastic measures to improve internal operations and to afford personal healthcare data with greater protection.
The findings of the research are published in the journal JAMA Internal Medicine, with the research paper headed “Hospital Risk of Data Breaches.”