According to a recent study published by the Ponemon Group, the number of data breaches reported by healthcare facilities has increased by 32 percent in the past year, costing an estimated $5.6 billion, reports Healthcare IT News.
The results of the report suggest that employee mistakes and the increasing use of mobile devices to access sensitive healthcare data are two primary reasons for the substantial increase.
Of the healthcare executives polled, 41 percent attributed breaches in data security to employee error, and half of respondents indicated that their facilities took no steps to secure or encrypt the information accessed by mobile devices. Despite the prevalence of insecure information being accessed by tablet computers and smartphones, more than 80 percent of healthcare facilities polled stated that they used mobile devices to share health data.
Perhaps of a bigger concern is the fact that 73 percent of respondents indicated that they do not currently have adequate measures in place to detect and prevent unauthorized access to sensitive information.
“These problems are a direct result of our national economy,” Larry Ponemon, chairman and founder of the research institute, said in a statement, as quoted by the news source. “Healthcare organizations, especially [nonprofit] hospitals and small clinics, have thin margins, are trimming staff and resources and are lacking sufficient security and privacy budgets needed to adequately protect patients. I don’t see this getting better anytime soon.”
In an attempt to address the situation, legislators and policymakers in some states have taken action to reduce the number of data breaches in healthcare facilities.
According to Information Week, California Governor Jerry Brown signed two laws into effect earlier this year to protect information contained within medical informatics systems more effectively. Senate Bill 850, also known as the Confidentiality of Medical Information Act, was introduced to securely manage changes made to patient health data contained in clinical informatics systems.