Standards body releases e-health hack calculator

Faced with the reality that health care data breach legislation is unlikely to emerge, the American National Standards Institute on Monday set forth a financial reason for providers to protect their patients' online privacy.

The cost of patient data losses during the past year ranged between $8,000 and $300,000 per health care organization, mostly due to credit or identity theft monitoring and forensic and legal fees, according to a new report from the standards body.

A December 2011 study by Ponemon Institute LLC found that 96 percent of health care providers had suffered at least one breach during the past two years.

There is growing consensus that current health care privacy legislation is inadequate for safeguarding patient data on the Internet. The Obama administration has set rules to cover gaps in the 1996 Health Insurance Portability and Accountability Act that address the improper reuse of data by medical business partners, and the economic stimulus package also added e-health care protections.

According to the ANSI study, the complexity of these regulations is partly to blame for a lack of compliance. In addition, privacy activists note that the new rules cover only the contractors of doctors and health plans and not commercial online health records, Internet companies and app developers.

Data breach protections for personal health information are not in either the Democratic or Republican versions of pending comprehensive cybersecurity reforms.

"Moving legislation through Congress in this area is probably going to be pretty difficult," said Larry Clinton, president of Internet Security Alliance, a trade group that partnered with ANSI on the report. He said a sophisticated cost analysis of a breach scaled to the size of a provider's practice might be a better motivator to improve health care security.

When asked to name the most significant barriers to maintaining the privacy and security of patient information, 59 percent of respondents cited a lack of funding. More than 100 health care industry participants responded to the ANSI study.

"The regulated industry felt that the laws were so complex that they were impossible to comply with," said James C. Pyles, a Washington health care lawyer and lobbyist who helped lead the study. The regulations "are not preserving the public's trust and not giving the industry a fair shake."

In reaction to federal and state laws, one respondent said, "we do not have the employee resources or the funds to deal with additional federal regulations."

The federal government is shoveling more than $25 billion into incentives for the health care industry to adopt digital medical records.

In medical identity theft, scammers steal either physician identification numbers or patient ID information to fraudulently bill for medical services. ANSI provided the example of a clerk in a Florida medical clinic who lifted the medical IDs of 1,100 patients and then sold them to others, triggering $2.8 million in false Medicare claims.

Just last fall, federal contractor Science Applications International Corp. admitted to exposing the health care records of 4.9 million Military Health Care System beneficiaries when computer tapes were stolen from an SAIC employee's car.
