Health records contain highly personal information, which is why healthcare organizations must ensure they have a data breach response solution in place to keep medical records secure.
However, a number of organizations suffer data breaches. Some recent cases include Buffalo, N.Y.-based Dent Neurologic Institute, which experienced a technical error that accidentally sent personal information of 10,000 patients to about 200 people, according to Becker's Hospital Review.
The source listed eight other healthcare facilities that experienced recent data breaches, including Raleigh Orthopaedic Clinic in North Carolina and Glenn Falls Hospital in New York. The orthopaedic clinic notified 17,300 patients that their personal information may have been compromised, and Glenn Falls Hospital faced a lawsuit after names and medical records of 2,360 patients were accidentally released.
Patients who fall victim of data breaches at healthcare organizations face dire consequences. For instance, when personal health information becomes public, people can lose out on job opportunities, pay more for medical insurance and have more difficulty in custody battles, Bloomberg recently reported. On top of those consequences, patients can also suffer personal embarrassment.
However, some states are selling public information that could be linked to a person's medical conditions, the source said. Washington is among at least 25 states across the country that releases some combination of patient identifying markers, like a patient's age, ZIP code and dates of when they were admitted to and released from medical facilities. This increases the likelihood that medical information may be compromised. As medical records become digitized, the risk of hacking and data breaches also heightens.
"All I have to know is a little bit about a person and when they went to a hospital, and I can find their medical record in this kind of data," Latanya Sweeny, director of Harvard University's Data Privacy Lab, told Bloomberg. "The real takeaway is we can do better than this."
Why Aren't Healthcare Organizations Doing Better Job?
Healthcare organizations can encrypt patient data to make it more difficult to interpret in the case of a data breach. However, many organizations believe the cost of encrypting data is high, and many are taking their chances instead of investing in data breach protection solutions, Health IT Security reported.
Yet, the cost to the patient who is a victim of such breach is also high. A Javelin Strategy & Research report showed that 122,000 victims of a cyber data breach at the Utah Medicaid and Child Health Insurance Program have to pay about $770 and take 20 hours to resolve their individual fraud cases. The cost alone could turn a customer against a healthcare organization or medical insurance company. These instances also lead to patients losing trust in their medical provider.