• United States



Healthcare breaches: Do they even matter?

Nov 21, 20113 mins
Application SecurityData and Information SecurityData Breach

Electronic medical record breaches continue, yet the public pays little attention to healthcare provider security and privacy policies.

While the healthcare industry moves to invest billions into electronic health records, a steady trail of breaches and broken promises of security is starting to take its toll on patient trust.

Just last week Virginia Commonwealth University made public a breach involving the compromise of two servers that left personal information on former and current VCU and VCU Health System faculty, staff, students and affiliates exposed. The VCU reported that the records of 176,567 people were exposed in this incident notification.

Also see For me, healthcare security is personal

According to the University, two servers had been compromised, with one server having data that included Social Security numbers, names, or electronic IDs, and a subset of files contained date of birth, contact information among other information.

VCU is no unusual incident. Earlier this month the St. Joseph Medical Center reported that 5,000 x-rays with patients’ name, date of birth, medical record number, date of service, referring physician, the type of study and the radiologist’s medical interpretation of the film were stolen. At University of California Los Angeles Health System, 16,288 patients’ names, medical and other demographic information was stolen from a hard drive during a home burglary.

And in yet another recent incident, at Premier Imaging LLC, an employee was fired after bringing files on 47 patients home for reasons that still remain unclear.

According to the Privacy Rights Clearinghouse, a watchdog group that tracks data breaches, there have been 355 medical data related breaches, involving 10,120,287 records, that have been made public since 2010.

Despite all this bad news, a recent survey found that such occurrences probably won’t temper the trust consumers have in data sharing or using electronic health records. According to a survey of 1,000 consumers conducted by the PwC Health Research Institute, 60 percent of respondents would be comfortable having their health data shared for improving overall care, 54 percent for improving decision-making in their care, and 36 percent to provide data for better analysis of doctor’s performance.

However, only 30 percent of respondents said, if factors such as cost, quality, and access were even among competing providers, clear security and privacy policies would impact their healthcare decisions. “It’s easy for respondents to say this, but the reality is that consumers will not likely have any level of confidence on their ability to judge one provider’s security and privacy policies over another,” says Pete Lindstrom, research director at Spire Security.

George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter @georgevhulme.