According to a Kroll Advisory Solutions survey of 250 hospitals and medical centers worldwide, the incidence of breaches of personal health information (PHI) has risen to 27 percent. In other words, 27 percent of the respondents reported at least one security breach in the past 12 months. That figure is up from 19 percent in 2010 and 13 percent in 2008.

Human error remains the greatest threat to health care data security, the survey indicated.

  • In 2012, 79 percent of respondents reported that a security breach was perpetrated by an employee.
  • Fifty-six (56) percent of respondents indicated that the source of a reported breach was unauthorized access to information by an individual employed by the organization at the time of the breach.
  • Forty-five (45) percent of respondents indicated that lack of staff attention to policy puts data at risk — an increase of 14 percent from 2010.

"When it comes to long-term prevention of data security incidents, it appears that the healthcare industry is not taking its own medicine," Kroll senior vice president Brian Lapidus said in a statement.

"There’s no question that HIPAA, HITECH and Red Flags have raised the base standard for protecting patient data, but combating the industry’s biggest security threats requires the essential combination of compliance and sound security measures. It’s like nutrition and exercise as the dynamic duo of weight loss. The magic happens when the two overlap."