Trust in healthcare providers’ ability to keep the sensitive data of patients and health plan members secure remains high, even though the past two years have seen record numbers of healthcare data breaches reported.
In 2015, more than 113 million healthcare records were exposed or stolen, and 2016 saw more healthcare data breaches discovered than in any other year since records first started being kept.
According to a recent survey by Accenture, 88% of Americans trust their healthcare providers to keep their health information secure. 36% of respondents said they had a great deal of trust in their healthcare providers and believed they could prevent their health data from being accessed or stolen.
Trust in pharmacies was similarly high, with 85% of respondents believing data would not be stolen, while hospitals were trusted by 84% of respondents. Health insurance companies fared slightly worse, with 82% of respondents saying they trusted their insurer to keep their data secure. Health technology companies were the least trusted in the healthcare sphere, with only 57% of respondents believing they would be able to prevent their health data from being stolen.
The survey, which was conducted on 2,000 Americans from across the United States, showed the extent to which Americans have been impacted by healthcare data breaches. 26% of respondents said their healthcare data had been stolen from healthcare organizations.
The effect of having data stolen in a healthcare data breach was clearly shown in the responses to the survey. Half of individuals who said their data had been stolen said they had suffered medical identity theft as a result. When medical identity theft had occurred, the victims of the breaches incurred out-of-pocket expenses of $2,500 on average.
The Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA) requires breach victims to be notified of the theft of ePHI within 60 days of the discovery of a breach. However, half of the individuals who had suffered medical identity theft did not find out about a healthcare data breach from their healthcare providers. They discovered they were a victim of medical identity theft from looking at their Explanation of Benefits statements, credit reports, bank statements, and credit card bills.
That suggests that either healthcare providers are slow to discover or report breaches, or that stolen data is now being used much faster than in previous years. Following the theft of medical data, cybercriminals typically wait to use the information – sometimes up to two years or more – to avoid detection. That may no longer be the case.
An interesting revelation from the survey is that healthcare patients and health insurance policyholders are now taking action following healthcare data breaches and are switching providers. 25% of individuals who had been affected be a healthcare data breach said they changed healthcare providers as a result, while 21% of respondents said they had changed insurer following a data breach.