Intensive ID Care Needed

Hospitals do a much better job of saving lives than protecting personal data.

According to a recent poll of healthcare officials, patient data breaches are growing in number, fraud is rarely investigated, compliance requirements are often enforced late, third-party security is weak and federal reforms aren’t helping. The Spring 2010 National Survey of Hospital Compliance Executives found that "the pandemic of data breaches and medical identity theft remains at critical levels throughout hospitals in the United States despite new regulations, including the HITECH Act, meant to protect the security of patients’ personal information,” according to an executive summary of the results.

The survey, conducted by IdentityForce, an identity theft security company, showed that 41.5 percent of responding hospitals had 10 or more data breaches in the past year, a 120 percent increase from 2008. About 20 percent of hospitals surveyed had 20 or more data breaches last year.

Although medical identity theft is among the fastest growing forms of identity fraud, 71.4 percent of hospitals in the survey said they looked into fewer than 50 cases of identity fraud each year. Only a third of responding hospital compliance executives said their hospitals kept good patient identification records.

Critics of the survey results said the health care industry had a better opportunity than many industries to shore up information technology security and privacy protocols through the 1996 Health Insurance Portability and Accountability Act, known as HIPAA.