Study: Breaches, Remediation Efforts Linked to Lower Quality of Patient Care

Hospitals may find their quality of care slipping following a data breach, and the reason may be linked to the more stringent security measures put in place, a study suggests.

“Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes,” concluded a study published by the journal Health Services Research.[1] “Thus, breached hospitals and HHS oversight should carefully evaluate remedial security initiatives to achieve better data security without negatively affecting patient outcomes,” the authors wrote.

Michelle O’Neill, vice president of corporate compliance & privacy at Summit Health Management in New Jersey, said there are ways to counter potential decreases in quality and timeliness of care, but first, hospitals need to focus on the issue.

“Make sure when remediation occurs, the nonmandatory remediation actions are weighed against how this will impact users—physicians—and timeliness,” O’Neill, who was not involved in the study, told RPP. “Clinical leadership should be involved in the changes and remediation efforts that are being made.”

The study considered how a reported breach affected clinical care and hospital quality by comparing data from the year prior to a reported breach to the three years following a reported breach.

The researchers included data from both the Medicare Compare database and Office for Civil Rights records of data breaches for the years 2012-2016, yielding a panel of 3,025 hospitals with 14,297 “unique hospital year observations,” allowing them to study records spanning the four-year time frame. They used a control group of hospitals for comparison.

This document is only available to subscribers. Please log in or purchase access.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field