Tuesday, May 4, 2010

Data Breaches and Medical Identity Theft On the Rise

A recent survey found that 40% of hospitals have ten or more data breaches annually.  This represents an increase of 120% over last year's study. And 85% of the hospitals self-reported as not in compliance with HITECH's security provisions which include "disclosure reporting, privacy monitoring, limited use of personal medical data for marketing, and patients’ electronic access to their health information." 

The review of other studies found that:
  • "Fraud resulting from exposure of health data has risen from 3% in 2008 to 7% in 2009, a 112% increase (Javelin Strategy and Research)
  • Nearly 1.5 million Americans have been victims of medical identity theft with an estimated total cost of $28.6 billion. (Ponemon Institute)
  • It takes more than twice the time to detect medical information fraud and the average cost is $12,100, more than twice the cost for other types of identity theft.  (Javelin Strategy and Research)
  • Victims of medical identity theft may receive the wrong medical treatment, find their health insurance exhausted, and could become uninsurable for both life and health insurance coverage. (World Privacy Forum) 
  • Data breaches not only put people at risk of becoming victims, they are costly to the organizations that suffer breaches. A 2009 study revealed that the average cost of a data breach – per record breached ‐‐ has risen to $202 from 2008’s $197. At that rate a breach of 5,000 records will cost over $1 million. (Ponemon Institute)
  • Despite requirements that data be encrypted, the U.S. Department of Health and Human Services has announced that between January 1 and March 9, 2010 at least 74,962 unencrypted health records had already been breached. (HHS)"


Ray Hutchins said...

Those are some mind-blowing statistics and probably represent only the tip of the iceberg. Richard Clark's new book CYBERWAR is a must read for all of us in the HIT business or any IT business for that matter.

It's a national security priority to get a handle on our IT since we all are now so dependent upon it.

But while that battle rages, we have to keep pushing forward with innovation. Recently a little group of software developers came to my attention who are doing some remarkable things in the HIT space.

I am aware of a company that has made a significant break-thru with respect to ontological engineering and disease control that is worth note.

It's a small privately held SaaS development company based in Colorado that has developed and deployed an ontologically-based, GIS integrated disease management decision support system in Africa to fight malaria. This is a significant system that was funded by the global combatants of this disease and the system can be rapidly customized for deployment to other disease environments…especially if you are talking about vector-borne disease.

The company, TerraFrame TerraFrame is interested in leveraging its technology to fight global diseases and is happy to entertain creative conversations to that effect.

For more information please contact Ray Hutchins at rh@terraframe.co

Mia Callos said...

Well, thanks for posting this kind of data. Medical identity theft is very common nowadays. And it's difficult to trace who is using your personal information for their own benefits.
Well, there's this blog that I've read. It will also help you to understand more about medical identity theft.