When you’re getting ready to choose a hospital, there’s more to consider than just if it’s in-network with your insurance or if your preferred doctor has privileges there.
When it comes to data breaches at U.S. hospitals, the risk is greater at larger facilities and at teaching hospitals, according to a new study published online by JAMA Internal Medicine.
The study, entitled “Hospital Risk of Data Breaches,” was published April 3, 2017.
The authors of the study used data from the Department of Health and Human Services to pinpoint what types of hospitals are at higher risk of data breaches.
“More than 30 hospitals in the study each experienced data breaches at least twice since 2009. At one of those facilities, the data of more than 4 million individuals was compromised,” according to a press release about the study.
The lead author of the study, Ge Bai, is an assistant professor at the Johns Hopkins Carey Business School in Baltimore where she focuses on accounting and governance issues within the healthcare industry. Associate Professor John (Xuefeng) Jiang of Michigan State University and Assistant Professor Renee Flasher of Ball State University are listed as co-authors.
The study’s authors examined the federal Department of Health and Human Services’ statistics on data breaches reported by various health care providers over a more than six year span — from late 2009 through 2016. They discovered 216 hospitals reported a total of 257 breaches during that period – 33 of those hospitals (or 15 percent) were breached at least twice, and more than a third of them are major teaching hospitals.
“The researchers also looked at hospitals that reported no data breaches. Comparing these findings with the information from the compromised hospitals, Bai and her colleagues noted that the breached facilities were larger (262 median number of beds versus 134 for the non-breached) and more likely to be major teaching facilities (37 percent versus 9 percent of the non-breached hospitals),” according to the press release.
Why is this? Perhaps because at a teaching hospital, more people can view private patient data. And of course “the more people who can access data, the less secure it is,” Bai said in an interview about the study. But, as the Consumer Reports piece cautions, “This doesn’t mean you should avoid major teaching hospitals, which often offer cutting-edge treatment and give patients generous amounts of attention.”
The takeaway from the study?
It’s something that you probably already know.
“A fundamental trade-off exists between data security and data access,” the researchers write in the study. “Broad access to health information, essential for hospitals’ quality improvement efforts and research and education needs, inevitably increases risks for data breaches and makes ‘zero breach’ an extremely challenging objective. The evolving landscape … requires hospitals to continuously evaluate their risks and apply best data security practices.”
Is your business covered for a data breach?
Get Covered
Image: Pixabay