Health Data Breaches Documented

Protected medical information, including patient medical records, is alarmingly susceptible to security breaches, two new reports suggest.

The first report comes from the Health and Human Services Department, and finds that more than 7.8 million people had their medical information compromised by 252 major security breaches over a recent 15-month period. Smaller breaches affected another 30,500 people.

The second report comes from Veriphyr Inc., a data security services provider. It found that 71 percent of health-care providers who responded to a recent online survey had reported at least one medical records security breach in the previous year. More than a third, 35 percent, resulted from employees snooping into their coworkers' medical records, while 36 percent were by employees sniffing out the records of friends, relatives or neighbors. VIP records were compromised in 6 percent of cases involving inside breaches.

The HHS report looked at data breaches that occurred between Sept. 23, 2009, when notification requirements went into effect, and Dec. 31, 2010. HHS is required to report its findings to Congress as part of the Health Information Technology for Economic and Clinical Health Act.

About half of the major breaches reported to HHS - those affecting more than 500 people -- were the result of theft, including stolen electronic equipment such as network components, laptops or hard drives. The largest reported theft affected 1.9 million people, HHS said.

Other reported incidents involved hacking or other intrusions with intent to commit fraud. Human error, the loss of electronic or paper records, and improper disposal of paper records accounted for the other major cases.