David Blumenthal, M.D., and Deven McGraw
There were more than 29.1 million health records affected by data breaches over a recent three-
Between 2010 and 2013, there were 949 separate events, two-thirds of which involved electronic data.
Current laws, such as the Health Insurance Portability and Accountability Act (HIPAA), aren’t effective in protecting patient information.
HIPAA was enacted before the Internet and electronic medical records existed, so large gaps remain in health data protections.
More than 80 percent of data breaches occur because basic precautions aren’t taken.
Health care organizations often fail to implement simple procedures such as encrypting health data, prohibiting the storage of confidential information on personal electronic devices, and authenticating authorized users.
We can’t have a successful nationwide health IT system if patients are worried about the safety of their personal information.
Patients with these concerns will resist sharing their information electronically, which may compromise their care as well as future research.