Seventy-one percent of data breaches at hospitals comprise financial or demographic information that may cause identity theft or fraud, according to a study published in Annals of Internal Medicine.
East Lansing-based Michigan State University and Baltimore-based Johns Hopkins University researchers studied 1,461 protected health information breaches over the past decade to analyze the types of data that were compromised in hospital breaches.
Information included in the study was categorized as demographic, service or financial, or medical. Demographic data included names, email addresses and other personal identifiers. Service or financial data included the service date, billing amount and payment information. Medical data included diagnoses or treatment.
Three notes:
1. Of all 1,461 total breaches examined, researchers found each one contained at least one piece of demographic information.
2. Seventy-one percent of the breaches affecting 159 million patients compromised demographic or financial data that could be used for financial or identity fraud.
3. Two percent of the breaches impacting 2.4 million patients comprised sensitive medical information that could threaten their clinical privacy.
Study authors concluded that policymakers should consider establishing requirements so organizations must disclose what types of data were compromised during a breach.