Henry Brown

Actual study used to create infographic

Benchmark Study on Patient Privacy and Data Security


Healthcare organizations seem to face an uphill battle in their efforts to stop and reduce the loss or theft of protected health information (PHI) or patient information. As is revealed in the Third Annual Benchmark Study on Patient Privacy and Data Security, many healthcare organizations struggle with a lack of technologies, resources and trained personnel to deal with privacy and data security risks.

The consequence of not having adequate funding, solutions and expertise in place is clear. Since first conducting this study in 2010 the percentage of healthcare organizations reporting a data breach has increased and not declined. Further, there are more reports of multiple breaches and only 40 percent of organizations in this study have confidence that they are able to prevent or quickly detect all patient data loss or theft.

Since 2010 the threats to healthcare organizations have become increasingly more difficult to control. Technologies that promise greater productivity and convenience such as mobile devices, file-sharing applications and cloud-based services are difficult to secure. Employee mistakes and negligence also continue to be a significant cause of data breach incidents. Another worry presented in this research is that sophisticated and stealthy attacks by criminals have been steadily increasing since 2010.

The price tag for dealing with these breaches can be staggering. While the cost can range from $10,000 to more than $1 million, we calculate that the average cost for the organizations represented in this benchmark study is $2.4 million over a two-year period. This is up slightly from $2.2 million in 2011 and $2.1 million in 2010.

The types of healthcare organizations participating in the study are hospitals or clinics that are part of a healthcare network (46 percent), integrated delivery systems (36 percent) and standalone hospital or clinic (18 percent). This year 80 healthcare organizations participated in this benchmark research and 324 interviews were conducted1. Respondents interviewed work in all areas of the organization: security, administrative, privacy, compliance, finance and clinical.

download: PDF File from dgshealthcare.com