Johan Gustav Bellika
Norwegian Centre for e-health research, University hospital of North Norway, Tromsø, Norway / Department of Clinical Medicine, Faculty of Health Sciences, UiT The Arctic University of Norway
Alexandra Makhlysheva
Norwegian Centre for e-health research, University hospital of North Norway, Tromsø, Norway
Per Atle Bakkevoll
Norwegian Centre for e-health research, University hospital of North Norway, Tromsø, Norway
Published in: Proceedings from The 15th Scandinavian Conference on Health Informatics 2017 Kristiansand, Norway, August 29–30, 2017
Linköping Electronic Conference Proceedings 145:9, p. 55-59
Published: 2018-01-04
ISBN: 978-91-7685-364-1
ISSN: 1650-3686 (print), 1650-3740 (online)
The study surveys the probability and consequences of protected health information (PHI) data breaches. We analysed the development of data breaches in the US data breach registry available online in 2010-2016 by focusing on two PHI breach categories: theft and loss, and hacking and unauthorised use. 79% of all analysed PHI breaches were the result of hacking or unauthorised use versus 19% caused by loss or theft. In total, over 171 million persons were affected by PHI breaches during the analysed period, which corresponds to 54% of the US population. On average, 4.6 million persons are annually affected by theft or loss of PHI versus 19.4 million affected by hacking and unauthorised use of PHI. The number of hacking attacks increased by 15 times from 2010 to 2016. The largest single loss of PHI so far is 78.8 million records. The analysis has shown that the risk of PHI breaches in the US is high and significantly increasing. In Scandinavian settings, such a risk would imply measures to reduce both the probability and the consequence of breaches.