Vanderbilt Disputes Suggestion That Larger Hospitals ’ Data Is Less Secure

Ordinarily, disputes over whose data security is better are a bit of a snoozer for me. After all, if you’re not a security expert, much of it will fly right over your head, and that “non-expert” group definitely includes me. But in this case, I think the story is worth a closer look, as the study in question seems to include some questionable assumptions. In this case, the flap began in June, when a group of researchers published a study in JAMA Internal Medicine which laid out analysis of HHS statistics on data breaches reported between late 2009 to 2016. In short, the analysis concluded that teaching hospitals and facilities with high bed counts were most at risk for breaches. Not surprisingly, the study’s conclusions didn’t please everyone, particularly the teaching-and high-bed-count hospitals falling into its most risky category. In fact, one teaching hospitals’ researchers decided to strike back with a letter questioning the study’s methods. In a letter to the journal editor, a group from Nashville-based Vanderbilt University suggested that the study methods might hold “inherent biases” against larger institutions. Since HHS only requires healthcare facilities to notify the agency after detecting a PHI breach affecting 500 or more patients, smaller, targeted attacks might fall under its radar, they argued. In response, the authors behind the original study admitted that the with the reporting level for PHI intrusions starting at 500 pat...
Source: EMR and HIPAA - Category: Information Technology Authors: Tags: EHR Electronic Health Record Electronic Medical Record EMR EMR Security Healthcare HealthCare IT HIPAA General Hospitals Healthcare Data Breach HHS JAMA Internal Medicine PHI Teaching Hospitals Vanderbilt University Source Type: blogs