HealthDay News — Most protected health information (PHI) breaches compromise sensitive demographic and/or financial information, according to a research letter published online Sept. 23 in the Annals of Internal Medicine.
John (Xuefeng) Jiang, Ph.D., from Michigan State University in East Lansing, and Ge Bai, Ph.D., from the Johns Hopkins Bloomberg School of Public Health in Baltimore, examined the details of published PHI breaches from Oct. 21, 2009, to July 1, 2019. Data were included from 1,461 breaches from 1,388 entities that affected 169 million patients in aggregate.
The researchers found that all 1,461 breaches involved one or more pieces of demographic information; sensitive demographics were compromised in 964 breaches (66 percent) affecting 150 million patients (89 percent). Service or financial information was compromised in 513 breaches (35 percent); 186 breaches affecting 49 million patients compromised sensitive financial information. Overall, there were 1,042 unique breaches involving sensitive demographic and/or financial information, accounting for 71 percent of breaches and 94 percent of affected patients. Medical or clinical information was compromised in 944 breaches (65 percent) affecting 48 million patients. Of these, 2 percent (22 cases) involved sensitive medical information.
“Policymakers may consider requiring entities to provide standardized documentation of the types of compromised PHI, in addition to persons affected, when reporting breaches,” the authors write. “Such information will facilitate the analysis and understanding of breaches and their consequences and the development and adoption of PHI security practices.”