By Nicole Perlroth
Published 12/18/11
The New York Times: Technology
One afternoon last spring, Micky Tripathi received a panicked call from an employee. Someone had broken into his car and stolen his briefcase and company laptop along with it.
So began a nightmare that cost Mr. Tripathi’s small nonprofit health consultancy nearly $300,000 in legal, private investigation, credit monitoring and media consultancy fees. Not to mention 600 hours dealing with the fallout and the intangible cost of repairing the reputational damage that followed.
Mr. Tripathi’s nonprofit, the Massachusetts eHealth Collaborative in Waltham, Mass., works with doctors and hospitals to help digitize their patient records. His employee’s stolen laptop contained unencrypted records for some 13,687 patients — each record containing some combination of a patient’s name, Social Security number, birth date, contact information and insurance information — an identity theft gold mine.
His experience was hardly uncommon. As part of the 2009 stimulus bill, the federal government provides incentive payments to doctors and hospitals to adopt electronic health records. Some 57 percent of office-based physicians now use electronic health records, a 12 percent jump from last year, according to the Centers for Disease Control.
An unintended consequence is that as patient records have been digitized, health data breaches have surged. The number of reported breaches is up 32 percent this year from last year, according to the Ponemon Institute, a security research group. Those breaches cost the industry an estimated $6.5 billion last year. In almost half the cases, a lost or stolen phone or personal computer was responsible.
The entire story can be read here.