par John R. Fischer
, Staff Reporter | September 26, 2019
More than 70 percent of hospital data breaches place sensitive demographic or financial information at risk of being used to commit identity theft or fraud, according to a new research report.
Researchers at Michigan State University and Johns Hopkins University made the discovery while sifting through 1,461 breaches of protected health information from over the past decade to identify for the first time which information was compromised in these records.
“One implication of our study is that if healthcare providers have limited resources, maybe they should put more emphasis on safeguarding patients’ sensitive demographic and financial information such as SSN, driver's license, birth date, and credit card numbers,” John (Xuefeng) Jiang, professor and Plante Moran Faculty Fellow at Michigan State, told HCB News.
Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.
Demographic information consisted of names, email addresses, and other personal forms of identification, while service or financial data included service dates, billing amounts, and payment information. Medical information, such as diagnoses or treatments, was also among the data examined.
Of the breaches assessed, 71 percent contained sensitive demographic or financial information that could be used in identity theft or financial fraud to exploit 159 million patients. Two percent consisted of sensitive medical information for 2.4 million patients, potentially threatening their medical privacy.
The findings should encourage healthcare policymakers to require standardizing documentation of the types of information compromised, according to Jiang, who adds that healthcare providers can take a number of steps to prevent such breaches from occurring in the first place.
"To reduce storage risk, healthcare providers could transition from paper to digital medical records, safe storage; move to non-mobile policies for patient-protected information; and implement encryption, firewall protection and cloud-based data storage,” he said. “The protocols to mitigate breach risk related to PHI communication include: mandatory verification of the recipient and the information exposed through envelope windows; mandatory verification of the recipient, the copy protocol (bcc versus cc); and the encryption of content (through email)."
The findings were published in the journal, Annals of Internal Medicine.