Study finds EHR data breaches result in loss of patients
Electronic health record systems contain vast amounts of information, ranging from past medical experiences to private data such as Social Security numbers. Like all collections of data, EHRs are at risk of being infiltrated. The U.S. Department of Health and Human Services requires the software to be compliant with the Health Insurance Portability and Accountability Act Security Rule. It is important for health care providers to ensure that safeguards are in place, as a study performed by Javelin Research Group found that businesses can be negatively influenced by a data breach.
The study, "Avoidable Collateral Damage from Corporate Data Breaches," found that 30 percent of customers affected by lost or stolen information would avoid going to the health care provider that was impacted. This can cause the organization to lose money from patients and be forced to mitigate the effects of the breach. The study proved that 54 percent of health care providers are most likely to subsidize identity protection services for affected patients. This can be costly, but not nearly as costly as HIPAA fines. For example, New York-Presbyterian Hospital and Columbia University Medical Center paid $4.8 million to settle alleged HIPAA violations after the EHRs of 6,800 patients ended up on Google in 2010, according to Healthcare IT News.
According to the Javelin study, the best way to protect data from breaches is to regularly perform risk assessments and create data management programs.