The records of 94 million patients have been stolen from healthcare entities so far this year, according to a report from conservative think tank American Action Forum (AAF).
The organization estimated the cost of that theft at $37.4 billion by multiplying that 94 million by the $398 value of each record, as estimated by the Ponemon Institute.
AAF’s report says that in 2013, 90 percent of hospitals claimed to have a computerized system capable of conducting or reviewing a security risk analysis. However, data breaches and the number of records compromised in each breach are increasing. The numbers indicate a 160 percent increase in the average number of records compromised in a single breach from 2014 to 2015, according to the report.
“Already, more has been spent on responding to security breaches of health care records in the first six months of 2015 than the total amount of federal incentives paid through the HITECH Act to make this transition happen,” the report says.
The increase could be due to having a more connected healthcare system, AAF poses.
In a blog post, J.K. Wall, Indianapolis Business Journal reporter, quibbled with AAF's estimates, noting that the report pegged the cost of the Anthem breach alone at more than $31 billion. Since the scale of the Anthem breach surpassed any previous healthcare breach, Wall suggests the cost per record may be lower than AAF's estimates, however, he notes the costs should still spur providers into securing their systems.
The AAF report also looks into the cost of implementing an EMR system return on investment. The report cites one researcher’s finding that early adopters had increased costs for at least the first three years after adoption. The IT workforce in the hospitals’ area played a significant role in costs after adoption.
As EMR adoption continues to increase along with the type of information gathered, policymakers should work with experts and the public to ensure that the appropriate balance is struck between sharing information to allow advancements and providing necessary privacy protections.
Read the complete report.