Privacy with Health Information Technologies: What Story Do Data Breaches in US Tell Us?

Over the last decades, health policy makers have encouraged healthcare organizations to leverage health information technology (HIT) for improving the accessibility, the quality, and the efficiency of health service delivery. The adoption of HIT has contributed to the digitization of health data, which has made these data vulnerable to information technology (IT) related security breaches. Based on data published by the US Department of Health and Human Services (DHHS), we analyze the portrait of health data breaches in the USA from 2009 to 2018 in order to figure out whether there are clear patterns of breach that stand out. In addition to descriptive statistics characterizing health data breaches, this study suggests three well-separated patterns of these breaches: (1) breaches mainly related to hacking / IT incident, (2) breaches due to unauthorized access / disclosure, and (3) breaches due to theft. All these patterns of breaches have different implications regarding priorities for health IT security and privacy professionals. However, further investigations with additional data are needed to fully comprehend the phenomenon of health data breaches and their implications in terms of IT security and privacy.