One in eight consumers in England (13 percent) have had their personal medical information stolen from technology systems, according to results of a new survey from Accenture.
The survey of 1,000 consumers in England revealed that the vast majority (78 percent) believe healthcare providers have a great deal of responsibility for keeping digital healthcare data secure, compared to only 40 percent who believe it is their personal responsibility. Despite this, the findings show that more than half (56 percent) of those who experienced a breach were victims of medical identity theft and more than three-quarters of those victims (77 percent) had to pay approximately £172 in out-of-pocket costs per incident, on average.
In addition, the survey found that the breaches in England were most likely to occur in pharmacies — the location cited by more than one-third (35 percent) of consumers who experienced a breach — followed by hospitals (29 percent), urgent care clinics (21 percent), physician’s offices (19 percent) and retail clinics (14 percent). More than one-third (36 percent) of English consumers who experienced a breach found out about it themselves or learned about it passively through noting an error on their health records or credit card statement. Only one-fifth (20 percent) were alerted to the breach by the organization where it occurred, and even fewer consumers (14 percent) were alerted by a government agency.
Among those who experienced a breach, the majority (70 percent) were victims of medical information theft with more than a third (39 percent) having personal information stolen. Most often, the stolen identity was used for fraudulent activities (cited by 82 percent of data-breached respondents) including fraudulently filling prescriptions (42 percent) or fraudulently receiving medical care (35 percent). And, a quarter of consumers in England (25 percent) had their health insurance ID number or biometric identifiers (18 percent) compromised. Unlike credit-card identity theft, where the card provider generally has a legal responsibility for significant account holder losses, victims of medical identity theft often have no automatic right to recover their losses.
“Patients must remain more vigilant than ever in keeping track of personal information including credit card statements and health records which could alert them to breaches,” said Aimie Chapple, managing director of Accenture’s UK health practice and client innovation in the UK & Ireland. “Similarly, health organizations must monitor patient information more carefully and remain transparent with those affected in the event of a breach to swiftly resolve the issue without losing consumers to competitors.”
Despite the myriad breaches occurring, consumers still trust their healthcare providers (84 percent), labs (80 percent) and hospitals (79 percent) to keep their healthcare data secure more than they trust the government (59 percent) or health technology companies (42 percent) to do so. About two-thirds of consumers in England (65 percent) either maintained or gained trust in the organization from which their data was stolen, following a breach. And, more than half (68 percent) of English consumers said they want to have at least some involvement in keeping their healthcare data secured, whereas only a quarter (28 percent) said that they have such involvement today.
In response to the breach, nearly all (95 percent) of the consumers who were data-breach victims reported that the company holding their data took some type of action. Some organizations explained how they fixed the problem causing the breach (cited by 29 percent), explained how they would prevent future breaches (23 percent) or explained the consequences of the breach (22 percent). Of those that experienced a breach, over half (53 percent) of respondents felt the breach was handled somewhat well while only 15 percent of respondents felt the breach was handled very well, indicating there is potential room to improve.
“The time to assure consumers that their personal data is in secure, capable hands is now,” Chapple said. “When a breach occurs, healthcare payers and providers should be able to swiftly notify those affected, with a plan of action on how to remedy the situation and prevent it from happening again.”