Fascinating presentation by Sung Choi and Eric Johnson that provides evidence that data breaches at hospitals may reduce the quality of patient care subsequent to the breach becoming public.
As SC Media summed up Choi and Johnson’s claims,
Sung Choi of the university’s Owen Graduate School of Management said data breaches trigger remediation activities, regulatory inquiries and litigation in the years following a breach, that disrupt and delay hospital services leading to a decline in care, according to the Wall Street Journal.
“Before a breach, the control group and breached hospitals are similar, then after a breach there appears some change in trend that made the breach hospitals have worse quality,” Choi said.
Hospitals are an interesting case for security because generally nurses and doctors need to access machines quickly to provide care to patients, while security protocols are generally designed to slow down access to devices.
I don’t visit the hospital that often, but more than once have had nurses have to excuse themselves from a room because they needed assistance accessing a machine where someone else was already logged in or where security protocols had changed since the last time the individual used the machine.
As Choi and Johnson put it on a slide titled “What is the relationship between health data breaches and hospital quality?”
- We hypothesize that breaches may adversely impact patient mortality because remediation activities after a breach disrupt provider care-practices
- New security procedures, processes, and software worsen the usability of health IT for clinicians
- Costs to fix the damages from a breach may divert resources away from patient care