Larry Ponemon has released a study of 65 organizations, which he used to extrapolate that patient data breaches cost hospitals $6 billion per year

70% of healthcare organizations said that protecting patient data was a low priority; 67% of organizations said they had less than two staff members dedicated to data protection management.

A majority of healthcare organizations said they had little confidence in their ability to secure patient records. According to the study, 71% of healthcare organizations had inadequate resources to protect patient data, and 69% said that there were insufficient policies and procedures in place to prevent and detect patient data loss.

The phrase little confidence in their own ability is a loaded one. I wonder if this is a split between security experts answering anonymously versus the direction of their leadership, or unified pessimism among health care management.

I noticed something odd about the numbers. Here is another look:

• 70% of healthcare organizations said that protecting patient data was a low priority
• 67% of organizations said they had less than two staff members dedicated to data protection management
• 71% of healthcare organizations had inadequate resources to protect patient data
• 69% said that there were insufficient policies and procedures in place to prevent and detect patient data loss
• 71% of respondents did not believe the HITECH Act regulations had significantly changed the management practices of patient records

I could predict the next number in that sequence although I am neither a math whiz, nor a statistician.

70% of 65 organizations is 45. Slight deviation in the answers cold come from the same 45 over and over (and over), or from the other 20 — if you are a cup is half full person. The extrapolated $6 billion estimate gets harder to believe when the numbers run so consistently. The webinar was today. I’ll have to email him my questions.