Impact Insights

Week in Review 5/15/15

The average cost of a data breach for a healthcare organization is more than $2.1 million, according to the Ponemon Institute’s 5th Annual Benchmark Study on Privacy & Security of Healthcare Data For the first time since the study has been conducted, “criminal attacks” were the most commonly cited cause of data breaches, surpassing “lost or stolen devices.”  Only 53% of respondents agreed with the statement “my organization has personnel who have technical expertise to be able to identify and resolve data breaches involving the unauthorized access, loss or theft of patient data.”  Even fewer (49%) agreed that their organization “has sufficient technologies that effectively prevent or quickly detect unauthorized patient data access, loss or theft.”  Overall, 69% of respondents indicated their organization identified a breach by conducting an audit or assessment – but almost one in four said they also discovered a breach purely by accident!  [Note that respondents were primarily from private and public provider organizations, but a small percentage were also from health plans and government agencies.]

Impact Advisors’ Thoughts:  We believe awareness about the importance of investing in information security has increased over the last few years, but studies like this one are an important reminder that it can’t be just a one-time investment.  As the IT department grows, the overall investment in information security efforts every year should grow as well.  For more on avoiding a false sense of security in healthcare, be sure to download Impact Advisors’ recent white paper!

A recent study published in the Journal for Healthcare Quality reports that most U.S. data registries are “substandard and lack [the] critical features necessary.”  Researchers from Johns Hopkins studied 153 U.S. registries “containing health service and disease outcomes data” and found less than 25% of those clinical registries adjust outcomes for risk, and only 18% actually audit their data.  Overall, the study concluded “with a few notable exceptions, most registries are underdeveloped, underfunded and often are not based on sound scientific methodology.”  According to the authors, a good clinical registry ideally includes:

  • “Data accounting for differences in patient case complexity across hospitals that allows for meaningful comparisons of outcomes”
  • “Broad hospital participation”
  • “Measurement of complications that matter to patients and affect their quality of life”
  • “Independent data collection that eliminates the bias inherent in self-reporting”
  • “Public reporting and open access to hospital performance for taxpayer-funded registries”

Impact Advisors’ Thoughts:  Getting value from registries goes far beyond simply collecting information.  As the authors point out, learning more about diseases – and potential treatments – on a national or macro level can’t be effective unless the data captured is 1) accurate, 2) from a representative number of hospitals, and 3) sufficiently adjusted to account for factors like disease complexity and risk.   Electronic reporting of public health information is a fairly high priority for the federal government right now though, so it will be interesting to monitor progress and changes over the next 2-3 years.

In case you missed it… a new report from Visiongain claims the “value of the global wearables technology market in 2015 will reach $16.1 billion.”  More details are also available in this story from FierceMobileHealthcare.