Hospital data loss: A tough pill to swallow

When it comes to cyber security vigilance and the proper implementation of layered security software and application control techniques, all hands are needed on deck. That is especially true of hospitals, although, based on some recent news, it would seem that not everyone has gotten the message.

The University of Texas M.D. Anderson Cancer Center in Houston has now found itself dealing with data loss prevention issues twice this year. In May, the hospital lost a laptop that contained the information of approximately 30,000 patients. Two months later, a USB thumb drive that stored personal information on 2,200 patients was lost, the Houston Chronicle reported.

Theft or loss of devices containing personal medical information is one of the more common ways that healthcare providers can put patient information at risk. According to the U.S. Department of Health and Human Services (HHS), 40 percent of large breaches result from theft or loss of a physical device. Additional HHS statistics cited by the Chronicle showed that, since late 2009, 489 data loss instances had put the medical information of 21 million patients at risk.

“In general, we believe that these statistics indicate that there is more that (the healthcare industry) could be doing to embrace a culture of compliance with respect to safeguarding the privacy and security of their patients’ protected health information,” said Susan McAndrew, the deputy director for health information privacy at the Health and Human Services Office for Civil Rights, according to the newspaper.

Is encryption the answer?

U.S. hospitals may be sanctioned for each instance of data loss under the Health Insurance Portability and Accountability Act (HIPAA), the law mandating certain security measures that healthcare providers must adopt. According to SC Magazine, those requirements now include the encryption of data. The M.D. Anderson Cancer Center was in the process of encrypting all of the data on its devices after the laptop theft, but according to the Houston Business Journal the information contained on the thumb drive was not yet encrypted. An estimated 78 percent of data loss would be avoided with encryption, the Chronicle reported.

Do hospitals and other healthcare providers need to be doing more to effectively safeguard patient data?

Matt Williams

A self-proclaimed ‘tech geek’, Matt has worked in technology for a decade and divides his time between blogging and working in IT. A huge New York Giants fan, when not watching football Matt gets his game on playing Call of Duty with his friends and other tech bloggers.