Despite stricter privacy and security regulations, hospitals are struggling to protect patient information.  According to a recent Ponemon Study, breaches are costing the health care industry $6 billion annually.

The top three causes of breaches:

  • Unintentional employee action
  • Lost or stolen computing devices
  • Third-party accidents


Lessons Learned:  Failure to protect sensitive and personally identifiable information is expensive and damaging to a health care organization’s reputation.  Organizations need to complement their general awareness with ongoing situational awareness programs to ensure all employees (and third-parties) understand their individual roles and responsibilities for protecting sensitive patient information.  With mounting regulatory changes and the move to electronic records, it will be critical that all individuals understand risks, roles, responsibilities, policies, processes, protocols and regulatory obligations to prevent expensive and embarrassing breaches.