HealthDay News — Most protected health information (PHI) breaches compromise sensitive demographic and/or financial information, according to a research letter published in the Annals of Internal Medicine.
John (Xuefeng) Jiang, PhD, from Michigan State University in East Lansing, and Ge Bai, PhD, from the Johns Hopkins Bloomberg School of Public Health in Baltimore, examined the details of published PHI breaches from October 21, 2009, to July 1, 2019. Data were included from 1461 breaches associated with 1388 entities that affected 169 million patients in aggregate.
The researchers found that all 1461 breaches involved 1 or more pieces of demographic information; sensitive demographics were compromised in 964 breaches (66%) affecting 150 million patients (89%). Service or financial information was compromised in 513 breaches (35%); 186 breaches affecting 49 million patients compromised sensitive financial information. Overall, there were 1042 unique breaches involving sensitive demographic and/or financial information, accounting for 71% of breaches and 94% of affected patients. Medical or clinical information was compromised in 944 breaches (65%) affecting 48 million patients. Of these, 2% (22 cases) involved sensitive medical information.
“Policymakers may consider requiring entities to provide standardized documentation of the types of compromised PHI, in addition to persons affected, when reporting breaches,” the authors write. “Such information will facilitate the analysis and understanding of breaches and their consequences and the development and adoption of PHI security practices.”