Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2019 Oct;54(5):971-980.
doi: 10.1111/1475-6773.13203.

Data breach remediation efforts and their implications for hospital quality

Sung J Choi  1 M Eric Johnson  2 Christoph U Lehmann  3
Affiliations

Data breach remediation efforts and their implications for hospital quality

Sung J Choi et al. Health Serv Res. 2019 Oct.

Abstract

Objective: To estimate the relationship between breach remediation efforts and hospital care quality.

Data sources: Department of Health and Human Services' (HHS) public database on hospital data breaches and Medicare Compare's public data on hospital quality measures for 2012-2016.

Materials and methods: Data breach data were merged with the Medicare Compare data for years 2012-2016, yielding a panel of 3025 hospitals with 14 297 unique hospital-year observations.

Study design: The relationship between breach remediation and hospital quality was estimated using a difference-in-differences regression. Hospital quality was measured by 30-day acute myocardial infarction mortality rate and time from door to electrocardiogram.

Principal findings: Hospital time-to-electrocardiogram increased as much as 2.7 minutes and 30-day acute myocardial infarction mortality increased as much as 0.36 percentage points during the 3-year window following a breach.

Conclusion: Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Thus, breached hospitals and HHS oversight should carefully evaluate remedial security initiatives to achieve better data security without negatively affecting patient outcomes.

Keywords: data breach; privacy; quality of care; security.

PubMed Disclaimer

Figures

Figure 1
Figure 1
Timeline (A) and Conceptual Model (B)
Figure 2
Figure 2
Plot of the difference‐in‐difference model for AMI mortality rate [Color figure can be viewed at wileyonlinelibrary.com]
Figure 3
Figure 3
Plot of the difference‐in‐difference model for time to ECG [Color figure can be viewed at wileyonlinelibrary.com]
See this image and copyright information in PMC

References

    1. U.S. Department of Health & Human Services . Breach report. Published 2016. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf. Accessed September 22, 2016.
    1. U.S. Department of Health & Human Services . Breach notification rule. Published 2016. http://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html. Accessed September 22, 2016.
    1. Department of Health and Human Services . University of California settles HIPAA Privacy and Security case involving UCLA Health System facilities. Published 2011. http://wayback.archive-it.org/3926/20140108162127/http://www.hhs.gov/new.... Accessed September 11, 2017.
    1. Department of Health and Human Services . Advocate Health Care Settles Potential HIPAA Penalties for $5.55|HHS.gov. Published 2016. https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agree.... Accessed September 11, 2017.
    1. Department of Health and Human Services . Enforcement Process|HHS.gov. Published 2017. https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/enfor.... Accessed September 11, 2017.

Publication types

MeSH terms