- Will you thrive or just survive in the new HIX marketplace?
- 3 quality, coordination lessons from the Beacons
- Q&A: Home care, IT and retirement 2.0
- HHS opens more data to researchers and developers
- How social network analytics can combat fraud
- Tavenner confirmation triggers applause from industry
- New state commission to focus on healthcare costs
- Q&A: The non-existent public option as ACA's Achilles' Heel
- Q&A: MeHI director looks at Massachusetts' HIE road ahead
- AMA says time to move Medicare away from broken payment system
Health data breaches in the U.S. increased 97 percent in 2011 over the year before, according to a new report by Redspin, a leading provider of IT security assessments.
The annual survey, "Breach Report 2011, Protected Health Information,” found breaches in all 50 states, and examined a total of 385 incidents affecting over 19 million individuals since the HITECH Act's breach notification rule went into effect in August 2009.
"Information security data breach in healthcare has reached epidemic proportions – the problem is widespread and accelerating," said Daniel W. Berger, Redspin's president and CEO.
Redspin cites the increasing concentration of protected health information (PHI) on unencrypted portable devices (laptops, media) and the lack of sufficient oversight of PHI disclosed to hospital "business associates" as the main reasons for the increase.
Malicious attacks (theft, hacking, and insider incidents) continue to cause 60 percent of all breaches due to the economic value of a personal health record sold on the black market and for medical ID theft used to commit Medicare fraud, the study found.
The report also provides specific recommendations, drawn from its statistical analysis and real-world experience providing HIPAA security risk analysis services to dozens of hospitals and other healthcare organizations.
"Information security breach is the Achilles' heel of PHI," Berger said. "Without further protective measures, data breaches will continue to increase and could derail the implementation, adoption and usage of electronic health records."
A full copy of Redspin's "Breach Report 2011, Protected Health Information" can be found here.
Follow Diana Manos on Twitter @DManos_IT_News.