When it comes to health-related data breaches, hospitals, doctors’ offices and even senior living organizations are often the culprits.
Researchers from Michigan State University and Johns Hopkins University found that more than half of the recent personal health information, or PHI, data breaches were caused by internal issues, not by hackers or external parties.
“More than half of the cases we reviewed were not triggered by external factors — but rather by internal negligence,” said John Jiang, Ph.D., lead author and associate professor of accounting and information systems at MSU’s Eli Broad College of Business.
Jiang suggested that providers adopt internal policies and procedures, built around a set of simple protocols, that tighten processes and prevent internal parties from leaking personal health information. Procedures to mitigate storage-related breaches include transitioning from paper to digital medical records, safe storage, moving to non-mobile policies for patient-protected information and implementing encryption. Procedures for communicating personal health information include mandatory verification of mailing recipients, following a “copy vs. blind copy” protocol (bcc vs. cc) and encryption of content.
Full findings appear in JAMA Internal Medicine.