Health data breaches in the U.S. increased 97 percent in 2011 over the year before, according to a new report by Redspin, a leading provider of IT security assessments.
The annual survey, "Breach Report 2011, Protected Health Information,” found breaches in all 50 states, and examined a total of 385 incidents affecting over 19 million individuals since the HITECH Act's breach notification rule went into effect in August 2009.
[Q&A: How a health 'data spill' could be more damaging than what BP did to the Gulf.]
"Information security data breach in healthcare has reached epidemic proportions – the problem is widespread and accelerating," said Daniel W. Berger, Redspin's president and CEO.
Redspin cites the increasing concentration of protected health information (PHI) on unencrypted portable devices (laptops, media) and the lack of sufficient oversight of PHI disclosed to hospital "business associates" as the main reasons for the increase.
Malicious attacks (theft, hacking, and insider incidents) continue to cause 60 percent of all breaches due to the economic value of a personal health record sold on the black market and for medical ID theft used to commit Medicare fraud, the study found.
The report also provides specific recommendations, drawn from its statistical analysis and real-world experience providing HIPAA security risk analysis services to dozens of hospitals and other healthcare organizations.
[Related: Top 6 ways for avoid data breaches. See Also: 6 tips for handling PHI.]
"Information security breach is the Achilles' heel of PHI," Berger said. "Without further protective measures, data breaches will continue to increase and could derail the implementation, adoption and usage of electronic health records."
A full copy of Redspin's "Breach Report 2011, Protected Health Information" can be found here.
Follow Diana Manos on Twitter @DManos_IT_News.
