A new study in JAMA by Vincent Liu of the Kaiser Permanente Division of Research found 949 data breaches of health information between 2010 and 2013, affecting 29.1 million patient records. In an editorial, The Commonwealth Fund’s David Blumenthal and Deven McGraw of Manatt, Phelps & Phillips reflected on the study’s implications.
Study Findings in Context
A nationwide electronic health information system has the potential to improve care and provide a rich source of data for researchers. But such a system will be difficult to implement if patients fear their data are being compromised and either resist sharing or withhold important sensitive information.
Health care organizations, clinicians, and insurers can help. While some data breaches are the result of “malicious hacking,” more than 80 percent happen because organizations fail to follow “good data hygiene,” such as encrypting health information. Policymakers also can help by revisiting the Health Insurance Portability and Accountability Act (HIPAA), which was enacted before the Internet and leaves substantial gaps in protection.
Loss of trust in an electronic health information system can undermine efforts to improve health and health care in the United States. Threats to the safety of health care data should receive more focused attention from public and private stakeholders.