Large-scale health data breaches reported by doctors and health plans have been rising steadily, a new report shows.
From 2010 to 2013, nearly 1000 large breaches affected more than 29 million individual health records, and more than half
resulted from theft or loss of laptops, thumb drives and paper records, according to researchers with access to government
data.
Hacking incidents more than doubled during those years but still represented less than a third of all breaches.
“While electronic data security and privacy is not a problem that is unique to healthcare, individually identifiable health data cannot be easily reset or changed once it has been compromised like credit card information can, for example,” said lead author Dr. Vincent Liu of the Kaiser Permanente Division of Research in Oakland, California.
“Electronic health records and other emerging technologies for using health data have great potential to improve the delivery of high-value healthcare, however, we must ensure that our patients’ data remains secure,” Liu told Reuters Health by email.
He and his coauthors analyzed the U.S. Department of Health and Human Services database of breaches of unencrypted health information reported by Health Insurance Portability and Accountability Act (HIPAA) covered entities. They only included breaches affecting at least 500 individuals, and where the information could be traced back to individual patients.
Between 2010 and 2013, there were 949 of these large unauthorized acquisitions, accesses, uses or disclosures, involving more than 29 million records.
The yearly number of breaches rose from 214 in 2010 to 236 in 2011, 234 in 2012 and 265 in 2013. Most involved electronic health records, and a third involved laptop computers or portable electronic devices. These numbers, published in the Journal of the American Medical Association, only include breaches that were recognized, reported and affected at least 500 records, so they likely underestimate the true number occurring each year.
“We found that as many as 30 million records were compromised in a four-year span,” Liu said. “If each of these represented records from a unique patient, it could suggest that as many as 1 of every 11 Americans’ healthcare data has been compromised.”
Hacking increased over the study period, from 12 percent to 27 percent of incidents. But the physical theft of unsecure paper or electronic records accounted for 55 percent of breaches.
“Thus, while hacking represents a serious threat to the security of healthcare data, improved cybersecurity alone is not a panacea for our data security problems,” Liu said.
