Health System
A new review of data breaches reported in the healthcare system found that 949 cases occurred between 2010 and 2013. The problem is likely underreported by hospitals and insurance companies, the authors say. Reuters/Hyungwon Kang

Millions of patient records have been compromised in recent years by security breaches at healthcare facilities and insurance companies around the country, according to a new review. Healthcare organizations reported 949 security breaches that put 29 million patient records at risk from 2010 to 2013. Most of those breaches occurred through electronic networks.

The new data comes as the Obama administration pushes for a nationwide network of electronic health records that would enable patients to move seamlessly between physicians.

The rate of breaches is on the rise, growing slightly from 214 in 2010 to 265 in 2013, according to the review from researchers at Stanford University and Kaiser Permanente Division of Research. In 58 percent of cases, thieves were deliberately trying to access the data or steal equipment on which it was hosted, for example by stealing a nurse’s laptop containing patient records. Instances of hacking or otherwise gaining access to data through unauthorized methods have made up a growing portion of total data breaches over time, rising from 12 percent in 2010 to 27 percent in 2013.

Dr. David Blumenthal, president of The Commonwealth Fund, who wrote an editorial published Tuesday in the Journal of the American Medical Association about the breaches, said many security threats could be avoided if hospitals and insurers simply practice “good data hygiene” and properly dispose of records or encrypt data. In 67 percent of cases tracked in the new analysis, the breach occurred through some form of digital media, while about 22 percent involved paper records.

“I don't think people expect 100 percent assurance of safety and privacy and security, but I think they want to know that the government and the responsible private parties are working hard to make it safer all the time and I don't think we've done enough to convince people of that yet,” Blumenthal says.

Researchers from Stanford and Kaiser Permanente tracked breaches at hospitals, clinicians and insurers covered by the Health Insurance Portability and Accountability Act (HIPAA) reported through an online database. The team focused only on breaches that affected at least 500 records and that were disclosed to the U.S. Department of Health and Human Services through the database. Six of the breaches affected at least a million records each. They released the results on Tuesday to the Journal of the American Medical Association.

This year, any physician who treats Medicare patients is required to accept electronic health records or suffer a lower reimbursement rate as part of the Obama administration’s $30 billion plan to modernize the health care system's methods of record-keeping. So far, about 80 percent of doctors and 60 percent of hospitals have switched to electronic health records since 2009, as the Wall Street Journal reports.