Here’s a 2012 report released by the U.S. Department of Health & Human Services Office of Civil Rights titled: Keeping Health Information Private and Secure . As per this report, over 21 Million individuals have been impacted due to security breaches which involved their medical records. These 21 Million individuals are only a part of those breaches which were big enough (500+ individuals impacted) which are required to be reported to the Federal Government as per the Breach notification rule. Thus the total number of individuals impacted is potentially higher than the 21 Million reported here.
Here are some examples of recently reported security breaches at healthcare organizations in the US:
Lucile Packard Children’s Hospital at Stanford (57,000 patients potentially impacted*)
Froedtert Health (43,000 patient data records potentially impacted**)
Montfort Hospital (25,000 patient data records potentially impacted***)
Stanford Hospital (20,000 patient data records published on a website*****)
The entire list of organizations which have been breached can be found at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
There are new reports published regularly on how laptops were stolen which somehow contained several thousand patient records or how a hospital employee checked out some patient records without any need to do so or of patient records which were simply lost like in the case of Massachusetts General Hospital******.
Below is an interesting infograph by Backgroundcheck.org which points out that:
— 94% of polled healthcare organizations have been breached in the past two years
— 2,769 records are lost or stolen per breach
— The price tag for dealing with a medical breach is $2.4 Million
Even more interesting is the stat that 95% of all devices which are stolen or lost which result in breaches are portable devices such as laptops and smartphones. This indicates that there is a huge amount of data which is stored on physical hard drives of these devices and increases the risk of potential breaches.
A patient medical record breach is a very serious matter as it can potentially contain not just information and history about his health and scheduling information but also financial information such as bills, credit card information, insurance details and often times their social security number.
Source of image: Backgroundcheck.org