Theft of Digital Health Data More Often Inside Job, Report Finds
Electronic health data breaches are increasingly carried out by “knowledgeable insiders” bent on identity theft or access to prescription drugs, according to a report from PricewaterhouseCoopers LLP.
More than 11 million consumers have had medical data stolen or inappropriately disclosed since September 2009, and the privacy breaches are expected to rise as more health information is put online, according to the report released today by the New York-based accounting firm’s health research institute. The most frequently reported issue was the improper use of protected information by an “internal party,” the study found.
The report underscores the need to strengthen privacy and security controls as health records are more frequently stored online and accessed by portable devices, said James Koenig, co- lead of PwC’s Health Information Privacy and Security Practice. Consumer concerns that personal medical information may be vulnerable to disclosure are likely to increase as the Obama administration spurs the adoption of digital records.
“Going forward, there needs to be the vigilant focus not just on improvements to health care, but also making sure privacy and security keep pace so that confidence in these new uses can be enabled,” Koenig said in an interview.
Survey of Executives
The report analyzed data from a survey of 600 executives from U.S. hospitals and physician groups, insurers and pharmaceutical and life sciences companies. More than half of the organizations reported a privacy or security-related issue related to health data over the last two years, Koenig said.
Theft accounted for 66 percent of publicly reported breaches, including stolen laptops, smart phones and other electronic devices, misuse of patient data to submit fraudulent claims and people seeking care in someone else’s name.
Thieves are most often “knowledgeable insiders, such as people in admissions, billing, computer programmers, the janitorial staff, even in security, who get access either to building facilities or to computer systems for information,” Koenig said.
While the report didn’t specify how many security thefts were carried out by insiders, 40 percent of surveyed providers reported an incident of improper internal use of protected health information during the past two years. Over the past several years, thefts by insiders or disgruntled former employees have surpassed disclosures by hackers and outsiders, Koenig said.
The target in a hospital setting “is either health insurance information, to be able to resell access to people who don’t have insurance or, most often, access to prescription drugs which are a commodity that can be sold on the street,” he said.
Almost three-quarters of the executives said they were already sharing or intending to share patient data for clinical studies, post-market surveillance of drugs or the development of new programs, while less than half had addressed privacy and security issues, the report found.
To contact the reporter on this story: Carol Eisenberg in Washington at ceisenberg1@bloomberg.net
To contact the editor responsible for this story: Adriel Bettelheim at abettelheim@bloomberg.net
Rate this Page