Re: Release of Ponemon “Benchmark Study on Patient Privacy and Data Security” on Nov 9th
Today’s new Ponemon study catalogs the health care industry’s massive indifference to keeping patients’ health data secure.
View the Ponemon Study Press Release
This is not a new problem. The lack of ironclad data protection and security has been a setup for catastrophe from the beginning. If banks handled the security of financial records as badly as hospitals handle health records, they would have been shut down.
Why is abysmal security for health data tolerated, when it is far more sensitive than financial records and also contains financial and demographic information?
The study details the lack of comprehensive technical protections, the lack of adequate staff, the lack of adequate funding, and the lack of encryption. It even found that 53% of health care organizations are “not confident” they know where patient data is actually located.
It’s painful to read such graphic detail about the breathtaking, systemic disregard for patient data protections. Page after page of awful statistics should make the public and government pause before spending $39 billion of stimulus funds on such fatally flawed systems.
Relentless industry promotion of health IT seems to override the lack of adequate data protection and common sense.
Here are a few statistics from the study:
- The total economic burden of data breaches on US hospitals is $12 billion per year.
- 69% of health care organizations can’t prevent or detect data breaches
- 71% of health care organizations have inadequate resources to deal with data breaches or improve their systems and technology
- 70% of hospitals said that data protection is not a priority
- Strikingly, 41% said that data breaches were discovered by patients. That figure appears to be low, because another 19% of breaches were discovered through legal complaints and 8% through law enforcement. Both legal actions and law enforcement complaints were also probably triggered by patients who discovered breaches and sought help, which puts the share of patient-discovered breaches closer to 68% than 41%.
If patients discovered and reported 41-68% of breaches, they must have suffered direct harms, such as data exposure leading to humiliation/embarrassment, identity theft, or medical identity theft.
Shouldn’t the government spend the stimulus billions on systems that DO ensure data security and EMPOWER patients to selectively disclose sensitive health information only to those they trust?