Medical Data Breaches: Game-changing for Health Information Professionals

Published: March 26, 2014 by ofonseca

While cyber crime continues to grow across industries, medical identity theft and medical data breaches are rising at a disproportionate rate. And though all identity theft can result in catastrophic damage to consumers’ financial wellbeing, medical identity theft may affect their physical health as well.

Consumers are aware of the risks, too. In a recent Ponemon Institute study sponsored by Experian® Data Breach Resolution, 58 percent of consumers polled said they believe accessing their medical records online puts their personal health information at risk1. The full study is available for download and it provides valuable insight into how consumers view online security in relation to their personal health data.

Nowhere else in the information security world does the cumulative impact of cyber crime reach levels as potentially disastrous as in the healthcare field. Which is why when Health Information Professionals (HIP) Week arrives March 16 to 22, the unsung heroes in the fight against medical fraud deserve our attention and applause. They face cyber threats that continue to grow exponentially.

In just the first two months of 2014, 51 medical/healthcare data breaches occurred, compromising 718,828 records, according to the Identity Theft Resource Center.

In addition to the financial losses often associated with any type of identity theft, medical identity theft may compromise an individual’s health if criminal activity causes inaccuracies to appear in a person’s medical records. Research from the Ponemon Institute tells us that the vast majority of medical identity theft is perpetrated in order to fraudulently obtain healthcare services, pharmaceuticals or medical equipment.

The role of health information professionals has evolved as medical data breaches continue to grow in frequency and scope. It’s no longer enough for health information management (HIM) professionals to focus on data management to ensure patients’ care and physical safety; they must now also act to safeguard patients’ identities and financial wellbeing.

Their challenges are manifold. In addition to maintaining data that is accurate and useful as an analytic tool, they must also actively protect that data from potential medical data breach sources, both within and outside healthcare organizations. And all of these preventive, protective efforts must take place against the backdrop of a strong regulatory environment that includes HIPAA privacy requirements.

It bears repeating – and this year’s stats already bear us out – that it’s no longer a question of if a healthcare organization will experience a medical data breach, but rather when one will occur. Given the catastrophic potential of the risks – to both consumers and healthcare organizations – a data breach resolution plan is an essential tool for HIM professionals.

1 Ponemon Institute,  Risks & Rewards of Online & Mobile Health Services: Consumer Attitudes Explored” from January 2014