The healthcare industry will be more susceptible to data breaches this year as the transition to electronic medical records continues and the black market value for those records grows. In its third annual Data Breach Industry Forecast, Experian’s Data Breach Resolution group says the healthcare industry will be a target in 2016, and businesses need more internal employee training to prevent security risks.
There have been more than 15,000 data breaches over the last decade, and according to Experian, security risks to businesses will continue this year. Healthcare data breaches continue to be a threat in 2016 based on prominent cyber-attacks on Anthem, Premera BlueCross Blue Shield and more organizations. According to a separate study by Privacy Analytics, because many individuals are not familiar with “deidentifying” data, it may be shared in ways that present a high risk of a data breach.
According to “The State of Data Sharing for Healthcare Analytics 2015-2016 Change, Challenges and Choice,” by Privacy Analytics, more than two-thirds of respondents to a survey of healthcare organizations said they lack complete confidence in their organization’s ability to share data without privacy risks. Health records are the most common type of data being stored or shared (55 percent), followed by medical claims data (44 percent), according to the survey.
Changing Landscape of Data
“In 2015, research from the Ponemon Institute revealed that while more companies now have a data breach response plan in place, many are still not confident in their ability to manage a significant incident,” according to Experian’s report. “Concerns regarding the effectiveness of response plans indicate a need for business leaders to reevaluate and audit their programs.”
Experian also reviewed its predictions on data breaches for 2015 and how businesses fared based on those predictions. In 2015, employee errors continued to be one of the leading causes of data breaches, and employee training programs needed improvement. As a result, it is also essential for companies to increase their preparation for a data breach and to strengthen their response plans should one occur, according to Experian.
“The landscape has changed with hackers targeting organizations for different types of data that could be used for extortion or to simply cause harm,” according to the Experian report. “While traditional data breach threats remain, it is important that business leaders take note of emerging trends and update their data breach response plans accordingly.”
According to the Privacy Analytics study, one in five respondents said their healthcare organization has taken steps to reduce risk and improve deidentification in the records that are shared. Healthcare organizations are slowly starting to make data available for secondary uses, but two out of three respondents to the Privacy Analytics survey said they lack total confidence in their organization’s ability to share data without creating privacy risks.
“The demands for data, combined with the magnitude of PHI [Protected Health Information] being collected in electronic medical records, medical monitoring apps and other healthcare networks makes this cause for concern,” according to Privacy Analytics. Nearly 50 percent of respondents to the survey said preventing patient “reidentification” is a top challenge when they share or store data, and the concern is highest among organizations that are already sharing data.
Privacy Analytics also reports survey results indicating that employee errors, or the need for more employee training, may contribute to information security challenges among healthcare organizations. “Additional challenges include low staff knowledge on managing data safely (26 percent), low staff knowledge of data sharing practices and tools (25 percent), cost concerns (24 percent), and lack of organizational policies (23 percent),” according to the Privacy Analytics survey.
Overall, according to Privacy Analytics, the results of the survey show there is a gap between regulatory requirements and healthcare organizations’ ability to meet them and an overall growing demand for health data. “The growing demand to share health data brings with it growing risks. The proliferation of PHI and subsequent requests for data is pushing the boundaries of compliance as organizations try to satisfy demand. The response has been to err on the side of caution and keep data locked away,” according to Privacy Analytics.
But those who do share and store PHI must do so responsibly, and the survey reflects their struggles to prevent patient re-identification and meet compliance requirements. “Many organizations feel unprepared to responsibly store and share data for secondary purposes, and thus, are unable to advance analytics in their organization,” according to Privacy Analytics. Experian recommends that healthcare organizations continue investing in data security technologies and training employees on proper security practices in 2016. More information: http://ow.ly/VZ2z0 and http://ow.ly/VZ2Ew