Mobile communications drive medical data breach increase

By Greg McInerney, Editorial Assistant

A combination of an increase in mobile device usage and the development of doctor-patient interaction via certain social network sites will put a greater emphasis on security of patient information in 2012, according to industry experts.

The last few years have seen an increase in the use of technology within the health care industry in order to engage with patients. However, this fast-paced development has meant the balance between ease of use and risk has not quite been achieved. A report published by the Ponemon Institute and ID Experts Corp. late last year estimated the total cost of medical data breaches to be around $6.5 billion annually.

This sizeable figure is largely self-inflicted, according to Christine Marciano, data privacy and cyber risk insurance specialist at Cyber Data-Risk Managers LLC.

“The health care industry as a whole has been quite slow to respond to this rapid progression in the use of mobile technology in particular. [A] recent report showed only 49% of health care providers were adequately secured against data breach threats,” Marciano said.

Marciano believes 2012 could be a big year for data insurers like her own company, as regulating bodies begin to crack down on health care providers’ lack of data security provisions. Data insurance premiums provided to the health care industry by companies such as Cyber Data-Risk Managers depend on a number of factors, including number of patients, the size of the firm in question and its revenue.

“An annual premium of, say, $600,000 is going to prove to be a relatively inexpensive investment for a large hospital, considering the fallouts that can occur from the data breach of confidential information.”

These fallouts might take the form of increased lawsuits stemming from failure to secure private health care data, although Kirk Nahra, partner at the law firm Wiley Rein LLP, is quick to point out that very few — if any — of these medical data breaches have reached an actual courtroom thus far.

“Most data security breaches don’t end up being a real problem so long as the health care provider has an aggressive post response plan in place,” Nahra said. The majority of work I do in relation to health care data breaches is concerned with breach response rather than matters of actual litigation.”

However, Nahra is not dismissive of the possible damage that medical data breaches could cause in 2012.

“There is no doubt that health care providers need to be more aware of their legal responsibilities when it comes to these matters,” he said. “The sensitive nature of the information being stored requires a great level of attention to be paid to its secure storage.”

(Editor’s note: This is the first blog entry by Greg McInerney, an editorial assistant at TechTarget. He will be regularly contributing to Health IT Pulse over the next few months. Welcome aboard, Greg!)