One in eight patients have had healthcare data breached

Accenture Survey calls for healthcare providers to improve data security

Survey by Accenture, among 1,000 people, revealed that:

  • The vast majority of us believe that healthcare providers have a great deal of responsibility for keeping digital healthcare data secure
  • 56% of those who experienced a breach were victims of medical identity theft
  • On average, 77% had to pay approximately£172 in out-of-pocket costs per incident
  • Breaches are most likely to occur in pharmacies, followed by hospitals, urgent care clinics, physician’s offices and retail clinics

One in eight consumers in England —13% — have had their personal medical information stolen from technology systems, according to results of a new survey from Accenture.

Health organisations must monitor patient information more carefully and remain transparent with those affected in the event of a breach to swiftly resolve the issue without losing consumers to competitors

The probe of 1,000 consumers in England revealed that the vast majority – 78% - believe healthcare providers have a great deal of responsibility for keeping digital healthcare data secure, compared to only 40% who believe it is their personal responsibility.

Despite this, the findings show that more than half – 56% - of those who experienced a breach were victims of medical identity theft; and more than three-quarters of those victims - 77% - had to pay approximately £172 in out-of-pocket costs per incident, on average.

In addition, the survey found that the breaches in England were most likely to occur in pharmacies — the location cited by more than one-third – 35% - of consumers who experienced a breach — followed by hospitals (29%), urgent care clinics (21%), physician’s offices (19%) and retail clinics (14%).

More than a third (36%) of English consumers who experienced a breach found out about it themselves, or learned about it passively through noting an error on their health records or credit card statement.

Patients must remain more vigilant than ever in keeping track of personal information, including credit card statements and health records which could alert them to breaches

Only one fifth (20%) were alerted to the breach by the organisation where it occurred, and even fewer consumers – 14% - were alerted by a government agency.

Among those who experienced a breach, the majority (70%) were victims of medical information theft, with more than a third (39%) having personal information stolen.

Most often, the stolen identity was used for fraudulent activities - cited by 82% of data-breached respondents, including fraudulently filling prescriptions (42%) or fraudulently receiving medical care (35%).

And, a quarter of consumers in England (25%) had their health insurance ID number or biometric identifiers (18%) compromised.

Unlike credit card identity theft, where the card provider generally has a legal responsibility for significant account holder losses; victims of medical identity theft often have no automatic right to recover their losses.

“Patients must remain more vigilant than ever in keeping track of personal information, including credit card statements and health records which could alert them to breaches,” said Aimie Chapple, managing director of Accenture’s UK health practice and client innovation in the UK & Ireland.

“Similarly, health organisations must monitor patient information more carefully and remain transparent with those affected in the event of a breach to swiftly resolve the issue without losing consumers to competitors.”

Despite the myriad breaches occurring, consumers still trust their healthcare providers (84%), labs (80%) and hospitals (79%) to keep their healthcare data secure, more than they trust the government (59%) or health technology companies (42%) to do so.

About two thirds of consumers in England (65%) either maintained or gained trust in the organisation from which their data was stolen, following a breach. And, more than half (68%) of English consumers said they want to have at least some involvement in keeping their healthcare data secured, whereas only a quarter (28%) said that they have such involvement today.

In response to the breach, nearly all (95%) of the consumers who were data-breach victims reported that the company holding their data took some type of action.

The time to assure consumers that their personal data is in secure, capable hands is now

Some organisations explained how they fixed the problem causing the breach (cited by 29%), explained how they would prevent future breaches (23%), or explained the consequences of the breach (22%). Of those that experienced a breach, over half (53%) of respondents felt the breach was handled somewhat well, while only 15% of respondents felt the breach was handled very well, indicating there is potential room to improve.

“The time to assure consumers that their personal data is in secure, capable hands is now,” Chapple said.

“When a breach occurs, healthcare payers and providers should be able to swiftly notify those affected, with a plan of action on how to remedy the situation and prevent it from happening again.”

The findings above come from the English feedback from a seven-country survey.