Avoidable ‘Collateral Damage’ from Data Breaches | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Avoidable ‘Collateral Damage’ from Data Breaches

April 29, 2014
by John DeGaspari
| Reprints
Incidents exact a toll of public trust in addition to financial costs

A report released on April 29 by Javelin Strategy and Research has found that a high percentage of consumers avoid doing businesses that have experienced data breaches. The report focuses on three industries: healthcare, as well as the financial and retail sectors.

Among healthcare providers, 30 percent of patients will seek a new provider if their hospital or doctor’s office suffers a data breach. It also noted that, to supplement the limited resources of the Department of Health and Human Services (HHS), state attorneys general may now pursue civil cases related to data breaches on behalf of the federal agency. These civil cases may open the door to costly fines in addition to brand damage of the breached healthcare providers, it says.

In addition to declining revenue, the report said that post-breach expenditures go up significantly. The offer of identity protection services is a common practice across all of the industries surveyed, but especially so in healthcare: 54 percent of providers offer victim identity protection services (IDPS). The report maintains that while consumers may benefit due to the wide range of sensitive personal identifiable information and personal health information they share with their providers, IDPS generally offers poor protection against medical identity fraud.  This results in unnecessary costs to the provider organization and a false sense of security for consumers, it says.

The report recommends that provider organizations conduct ongoing risk assessments as a preventative measure, and that the process should incorporate a “sensitive data management” program, which can be tailored to each organization. Such a program should include five steps:

  1. Sift through irrelevant data to identify sensitive information;
  2. Classify sensitive information and assign accountability to manage and protect it;
  3. Secure unprotected files and remove at-risk data;
  4. Centrally monitor policies, actions, and good behavior going forward; and
  5. Report compliance with policy and regulation.

The survey was conducted among 5,634 U.S. adults over age 18 in October 2013. The report was sponsored by Identity Finder, LLC. Javelin maintains independence in its data collection, findings and analysis, and says the sponsor was not involved with the tabulation of the survey data or analysis.


Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Geisinger National Precision Health Hires Illumina Exec to Lead Business Development

Integrated health system Geisinger has hired a high-profile genetic counselor to head up business development for Geisinger National Precision Health, which was created to extend the Geisinger model on the national scene.

$30M VC Fund Launched to Spur Innovation in Cardiovascular Care

The American Heart Association, together with Philips and UPMC, has announced the launch of Cardeation Capital, a $30 million collaborative venture capital fund designed to spur healthcare innovation in heart disease and stroke care.

Epic Wins Labor Dispute in Closely Divided Supreme Court Decision

Epic Systems Corporation won a major labor-law ruling in the Supreme Court on Monday, centering around the extent of corporations’ right to force employees to sign arbitration agreements, and with a 5-4 ruling in its favor

Survey: Two-Thirds of Physician Practices Seeking Out Value-Based Care Consulting Firms

Most physician organizations are not prepared for the move to value-based care, and 95 percent CIOs of group practices and large clinics state they do not have the information technology or staff in-house needed to transform value-based care end-to-end, according to a recent Black Book Market Research.

Cumberland Consulting Buys LinkEHR, Provider of Epic Help Desk Services

Cumberland Consulting Group, a healthcare consulting and services firm, has acquired LinkEHR, which provides remote application support, including Epic help desk services.

Population Health Tool that Provides City-Level Data Expands to 500 Cities

A data visualization tool that helps city officials understand the health status of their population, called the City Health Dashboard, has now expanded to 500 of the largest cities in the U.S., enabling local leaders to identify and take action around the most pressing health needs in their cities and communities.