News of the Day #375 - Lost patient data has cost Providence $7 million so far

1601 N. Tucson Blvd. Suite 9
Tucson, AZ 85716-3450
Phone: (800) 635-1196

Association of American Physicians and Surgeons, Inc.
A Voice for Private Physicians Since 1943
Omnia pro aegroto

News of the Day ... In Perspective

12/22/2006

Lost patient data has cost Providence $7 million so far

A year and $7 million after backup tapes, with information on 365,000 patients, were stolen from an employee�s minivan, Providence Health & Services is still mired in the aftermath.

Companies never know when liability from stolen data will end, according to Kroll, a firm that helps manage security risks. Creditors may fail to correct the victims� records, or the stolen data keeps getting resold and reused.

�You can�t stop the data from getting out. You just can�t,� said security researcher Alan Paller.

One use of stolen data is to submit fraudulent Medicare claims. Federal prosecutors allege that $2.8 million in false claims were based on a printout of information on 1,100 patients that a Cleveland Clinic receptionist gave to a relative.

Medical data is vulnerable at each hand-off. �As soon as [data] ends up at other organizations, it�s out of your control,� stated Paul Stamp, a security analyst at Forrester Research. �Yet if there�s a problem, it�s the primary doctor or insurer who gets the blame.�

Providence is providing patients with at least a year of free credit monitoring, and has promised free credit restoration unless it can show that the stolen data did not cause the patient�s problem. It has produced more than 60,000 pages of documents in a class-action lawsuit.

The FBI is predicting �a crime wave of health-care fraud, identity theft and cybercrime.� In the past year, the average cost per data breach has reached $4.8 million. The FBI estimates that U.S. businesses are losing $67.2 billion annually because of computer-related crimes. Since February 2005, 93.8 million personal records have been reported lost or stolen.

More than 90 percent of data breaches in the last year were in digital form; only 9 percent involved paper records. Some 40 percent of publicly disclosed security breaches were caused by hackers or insider access, specifically targeting sensitive personal information (Deborah Gage and Kim S. Nash, �Case Dissection: Serious Pain,� Baseline, December 2006).

Additional information:

�Medical Records Theft Damages Credit Ratings, Threatens Lives,� News of the Day 10/12/06.
�Data Mining,� AAPS News, August 2006.
AAPS Membership/Subscription Information

News of the Day ... In Perspective

News of the Day Archive