As a physician, one of the most rewarding parts of my job is building relationships with my patients. In developing this connection, I’m able to better understand their healthcare challenges and frustrations, which enables me to ultimately help them achieve their health goals.
But establishing strong patient engagement is getting harder, in part due to the ever-changing regulations and daily demands we as physicians must manage.
Consider this: During a 20-minute appointment, physicians spend only about 12 minutes interacting with the patient and 8 minutes documenting their visit on the electronic health record (EHR). Once the patient leaves, we spend another 11 minutes completing documentation in an effort to keep up with payer demands and comply with other requirements.
While healthcare technologies – in the form of EHRs, patient portals, secure messaging or mobile apps – are proven to help foster stronger connections between physicians and patients, it’s the personal touch, the solid relationship between the patient and the provider, that’s most important.
Building a Trusted Relationship: The Patient <> Provider Connection
Despite best intentions, many healthcare practices fail to provide solid patient experiences. Considering today’s healthcare environment where individuals now foot more of their healthcare bill than ever before, patients are seeking greater value and convenience for their money.
According to a recent study, nearly half of all healthcare consumers are frustrated with their healthcare experiences. Why? Because there is a gap in perception between providers and consumers on the quality of experience currently being provided.
To overcome this disconnect, let’s go back to the basics. As a child, you’re taught that it’s proper etiquette to shake someone’s hand and look them in the eyes when speaking with them. This is true for physicians as well.
The first step in building better relationships with patients is to make eye contact with them. In fact, a recent JAMA study found that patients equate engagement with eye contact from the provider. As simple as this seems, many physicians (myself included) sometimes struggle with this due to the fact that we are heads down in our technology systems.
However, eye contact is a powerful form of nonverbal communication and shows our patients that we are giving them our undivided attention. Trust me – patients notice whether or not their doctors make eye contact. If we are constantly looking at our computer or tablet during an office visit, the patient automatically feels the disconnect and will rate their overall healthcare experience much lower.
Overcoming the Pitfalls of Technology to Improve the Patient Experience
While the human element in healthcare is of paramount importance, there is still a role for patient engagement technology, which can enhance and strengthen our personal relationships with patients. However, practices must make sure these tools are integrated and operate seamlessly. While patient engagement technologies look great on paper, when put into practice, they often require patients to use different apps or access a variety of unconnected systems.
Portals are one of the most common technologies that can be used to engage patients; however, research shows that more than 56% of patients have said they’ve never been encouraged to use an online medical record by practice staff, and 47% of patients offered access to a portal have never viewed their health info. In addition to making patients aware that these technologies exist, it’s also crucial to discuss the benefits of patient portals, such as simplified processes for refilling prescriptions, scheduling appointments, reviewing health information and more.
Fostering a Successful Technology-Enabled Patient Engagement Strategy
While it’s true that it takes both people and software to truly engage patients, applications of patient engagement technology can be successful when enabled by a compassionate and sincere strategy. Some key considerations when implementing these technologies include:
The survival of highly regulated industries such as healthcare depends on secure information exchange.
Healthcare organizations, or “covered entities,” as they’re known, exchange large volumes of sensitive data daily: billing and medical records, prescriptions and refill requests, lab requisitions, clinical field trial results, patient clinical data, plus insurance claims, denials, appeals, and invoices.
Traditional analog fax, relic that it is, still transmits over the public telephone network, and remains difficult, if not impossible, to intercept. For this reason, it is regarded as a more secure form of communication than email. In fact, a report on the health industry’s use of fax machines showed 75 percent of medical communication in the United States takes place via fax. Recent high-profile incidents of massive cyber-attacks exposing the personal details of millions of customers and patients reinforce the view that email remains a highly vulnerable means of business communication.
However, fax remains a viable means of exchanging protected healthcare information (PHI) for other reasons too. A recent IDC study noted that 25% of large businesses surveyed prefer fax over email because they believe it reduces their risk of violating data privacy regulations. An additional 28% prefer fax because it makes document tracking easier and sends alerts as to the success or failure of a transmission.
Then there’s the regulatory factor. Federal regulators who enforce healthcare data-privacy rules have exempted fax (and phone calls) from certain aspects of the HIPAA Security Rules. This has led to the widespread perception that fax is more compliant than other types of electronic communication for the transmission of PHI.
So fax persists. But the world has changed, and so have old notions about fax reliability. In fact, the issue has taken on greater importance with the Centers for Medicare & Medicaid Services Administrator Seema Verma challenging software developers to make physicians’ offices fax-free by 2020.
The Trouble with Legacy Fax
If you still use a fax machine, multifunction printer, or rely upon on-premises fax servers to transmit your faxes, then you support legacy fax.
This is a huge problem! Why? Because legacy fax can fail in ways that threaten an organization’s data security. In today’s data-driven world, if covered entities can’t keep the PHI of patients free from unauthorized exposure, they’d better, well, cover their entities: HIPAA violations are expensive and can torpedo your reputation, even your livelihood.
One of the greatest challenges in healthcare is keeping up with the changing landscape. Since the beginning of 2019 alone, the Centers for Medicare and Medicaid Services (CMS) and other federal agencies, such as the Office of National Coordinator of Health IT (ONC) and the Department of Health and Human Services (HHS), have introduced a number of rules in pursuit of their goal of empowering patients and enhancing healthcare efficiency. We’re at a very critical juncture in healthcare, and from a regulatory perspective there are a few key rules that merit special focus because they will have a great impact from both a clinical and financial standpoint.
The MyHealthEData Initiative in 2019
The MyHealthEData initiative, launched in March 2018, aims to “empower patients by ensuring that they control their healthcare data and can decide how their data is going to be used, all while keeping that information safe and secure.” Only a few days back, CMS upped the ante for better data access by expanding this initiative and announcing the pilot of “Data at the Point of Care.”
The Data at the Point of Care (DPC) pilot will be connecting providers with Blue Button data, where providers can access claims data to learn more about their patients and their previous diagnoses, procedures, and prescriptions. While providers had to comb through several hundred data sets previously, the DPC program would aim to make access to data easier and right within their workflows.
This announcement follows the relaunch of the Blue Button initiative, or Blue Button 2.0, that grants access to health data and enables patients to send that information using FHIR-based healthcare apps.
In a nutshell, these moves come as an overall push from CMS to promote better access to data and 100% healthcare interoperability. In addition to enabling data access, CMS has also been targeting information blocking, as reflected by 2019 MyHealthEData updates. With these measures, both patients and providers will have the required insights to make more informed healthcare decisions.
The Trusted Exchange Framework and Common Agreement
In April 2019, ONC published its second draft of the Trusted Exchange Framework and Common Agreement (TEFCA), focusing on three high-level goals:
Providing a single ‘on-ramp’ to nationwide connectivity
Enabling Electronic Health Information (EHI) to securely follow the patient wherever needed
Supporting nationwide scalability
TEFCA is basically a common set of principles which serve as “rules of the road” for nationwide electronic health information exchange across disparate health information networks (HINs). The framework, which was mandated by the 21st Century Cures Act, provides a set of policies and procedures along with technical standards required to enable healthcare data exchange among providers, state and regional HINs, and federal agencies.
In the age of the internet and online shopping, striving to make it into the future by relying on traditional or outdated practices will get you nowhere! Thanks to the younger generations, various private and public departments now favor an online presence, and we think the healthcare department should follow suit!
According to a survey by Accenture, the younger generations (millennials and Generation Z) will likely prefer new care models like retail clinics and virtual visits over the traditional methods. This spells trouble for the healthcare department since they still lack the tools to embrace the digital culture.
Digital Transformation in the Healthcare Sector
There is nothing wrong with the traditional health IT sector. It is just that many of the younger generations are outgrowing the traditional methods and now expect a different standard of service.
In the age of self-diagnosis from Google and WebMD, the young individuals constantly express dissatisfaction with the existing healthcare models. They are more comfortable with researching healthcare options online and are more likely to utilize non-traditional methods of engaging with the health department. Because of the reliance on the latest cutting-edge options, healthcare must understand that there is a need to adopt advanced techniques.
Currently, we are living in the digital age and consumers are always on the lookout for a digital front-end experience. Since the internet has blurred boundaries, the younger generation is more aware of what they want and how they want it. At this point, the healthcare department seriously lacks the necessary digital tools to provide a better experience.
In a way, it is not just about the adoption of certain tools. Instead, we are talking about a complete transformation that will provide the healthcare department with the boost it needs to make things easier for the upcoming generations. The redesign will mean that high-quality, accessible, affordable, and effective healthcare can be provided through digital tools.
By Dr. Michael Blackman, medical director, population health and analytics, Allscripts.
As healthcare delivery continues to evolve, healthcare technology needs to be there to support it. But, how will technology facilitate healthcare as we move forward?
Healthcare accessibility, especially for certain populations, continues to be problematic. The expansion of telemedicine has the potential to improve access, especially for populations that have difficulty accessing care, such as those with mobility or transportation issues.
Additionally, looking from a primary care standpoint alone, a fair percentage of patient visits can be conducted remotely while continuing to ensure care quality. Telemedicine can extend a clinician’s reach by freeing up office time for those who gain extra benefit from being seen in person. However, the technology must support both the clinician and patient interaction, while not creating new barriers.
Potential barriers can come not just from factors implicit in the technology, but from the way it is implemented as well. For example, simple things such as a clinician needing to turn his or her back to a patient to access the system disrupt the clinician/patient relationship. Workflow considerations need to be front and center for all technology-related changes.
Leverage what you have – especially the data
There’s continually a desire to pursue the next shiny object, the next buzzword, the next big technology. But it comes down to why? What are you trying to accomplish with new technology that you can’t already do today? If it serves a strategic goal, then the new technology may be highly beneficial, but have you optimized what you are using now?
Electronic health records (EHRs) and other healthcare technology have brought us a plethora of data, but how many of us are using this data effectively?
The original goal of capturing data in EHRs was to improve care. We need to use that data to understand and improve care delivery. Sometimes that requires new technology, but whether one is using new technology or not, improving care requires a change in the way business is conducted.
Are AI and machine learning the future of healthcare?
Both AI and machine learning are likely to be integral components of healthcare’s future, but the underlying culture and business framework supporting these technologies will determine if we are able to get the most from them. Differences in organizational culture and business processes often explain why some succeed and others fail using the same technology.
Definitive Healthcare released results from its 2019 Outpatient Telehealth Study. In this survey, Definitive Healthcare polled physicians and healthcare administrators to determine telehealth adoption trends, technology, and services.
• Adoption Remains Flat 2018 to 2019: Adoption rates of telehealth solutions/services by outpatient physician practices remained relatively flat from 2018 to 2019, lingering at about 44 percent. However, the mix of telehealth technology solutions did shift this year, with an increase in two-way video/webcam, mobile applications for concierge services, and clinical grade remote patient monitoring devices.
• Telehealth Technologies Regarded Effective: Physician practices with telehealth solutions already in place rated the effectiveness of these technologies relatively high at an average of 6.51 out of 10 – well above the midpoint, and above all other survey categories. This indicates that, despite hurdles that hinder telehealth investment or adoption, these solutions are effective when in use.
• Providers with Telehealth Solutions Likely to Re-Invest: Roughly 65 percent of physician practices with a telehealth solution already in place plan to make further investments, up from 45 percent in 2018. Nearly 90 percent that plan to make an investment plan to do so in the next 18 months.
• No Need to Fix What’s Not Broken: Unlike the inpatient market, the priciness of telehealth solutions was not the primary barrier for outpatient adoption. In this survey, the majority of respondents (20.2%) cited “satisfaction with their practice’s current solutions and services” as their primary barrier when considering adopting telehealth technologies. Another major barrier for respondents, at 12.6%, was uncertainty surrounding reimbursement policies from insurance companies and at the national level.
“Based on these survey results, and the trends we’ve been observing in the market, there are three main hurdles that are currently hindering outpatient telehealth adoption. There is not only a need for more clarity around reimbursement policies, but also a need for more interoperable telehealth solutions that can be accessed through EHR or EMR systems as well as a better understanding about what types of telehealth options are available,” said Jason Krantz, CEO of Definitive Healthcare. “Until some of these issues are addressed, it may be some time before substantial outpatient investment is made in the telehealth arena.”
AMGA has endorsed two new Centers for Medicare & Medicaid Services (CMS) initiatives that are designed to ensure providers have access to claims data. Expanding access to administrative claims data for providers and their patients has been a longstanding AMGA priority.
The initiatives include Data at the Point of Care (DPC) and MyHealthEData. DPC is a new pilot application programming interface (API) program that would make beneficiaries’ Medicare claims data available to the provider for treatment. MyHealthEData relies on Medicare’s Blue Button 2.0 initiative to provide beneficiaries and their providers with claims data. AMGA appreciates CMS enabling providers to access Medicare beneficiary claims data directly within their existing workflows through APIs, and we share CMS’ belief that access to a patient’s complete health record is crucial to managing a patient population and improving health outcomes.
“Access to claims data from all payers has been a longstanding priority for AMGA and its members,” Jerry Penso, M.D., M.B.A., AMGA president and CEO, said. “CMS’ latest initiatives support AMGA’s work by allowing providers to access Medicare claims data, and in effect, ensuring the successful transition from volume to value. If successful, CMS’ initiatives should inspire commercial insurers to follow suit in data sharing, a crucial step in delivering the most effective care for patients and improving health outcomes.”
Over the past four years, AMGA members repeatedly have indicated that access to timely Medicare and commercial payer administrative claims data is the most significant barrier to assuming risk. The DPC pilot and the MyHealthEData initiative could benefit organizations transitioning to value-based care. A study in the Annals of Internal Medicine further found that access to this data could be very helpful in providing effective courses of treatment with patients; however, care coordination challenges were still present. AMGA looks forward to working with CMS to help ensure the success of these initiatives and demonstrate the need for data sharing in the commercial setting.
Health Level Seven International (HL7), the global authority for interoperability in health information technology, and the American Academy of Family Physicians (AAFP), the only medical society devoted solely to primary care, are pleased to announce that the Gravity Project is now part of the HL7 FHIR Accelerator Program.
The Gravity Project aims to standardize medical codes to facilitate the use of social determinants of health-related data in patient care, care coordination between the health and human services sectors, population health management, value-based payment and clinical research. Social determinants of health (SDOH) are the conditions in which people are born, grow, work, live, and age, and the wider set of forces and systems shaping the conditions of daily life.
The HL7 FHIR Accelerator Program is designed to assist implementers across the health care spectrum to create HL7 FHIR implementation guides and other products that can facilitate FHIR acceleration and adoption activities. Other projects within the Accelerator Program include Argonaut, Da Vinci and CARIN Alliance.
Why the Gravity Project? Unmet social needs including limited access to food, transportation and housing can negatively impact health outcomes. Research has demonstrated that addressing social and medical needs in tandem improves health outcomes and lowers costs.
“Progress in patient care and research has made significant strides with the emergence of the HL7 FHIR Accelerator Program,” said HL7 International CEO Charles Jaffe, MD, PhD. “By incorporating the social determinants of health care into our decision process, the Gravity Project will help to transform care delivery and health analytics.”
In this context of mounting interest around collecting and using SDOH data in healthcare settings, new challenges have emerged related to the capacity of existing medical terminology standards to effectively capture, use and exchange the necessary data.
The Social Interventions Research and Evaluation Network (SIREN) at the Center for Health and Community, University of California, San Francisco, was an early catalyst of the Gravity Project, convening a diverse group of stakeholders as early as November 2017 to develop a strategy for achieving consensus-based comprehensive coding standards for SDOH data capture in EHR systems.
“With funding from the Robert Wood Johnson Foundation and in partnership with EMI Advisors LLC, SIREN is pleased to be working with multiple stakeholders to meet the rapidly expanding market needs around SDOH data documentation and interoperability,” said SIREN Director and UCSF associate professor of Family and Community Medicine, Laura Gottlieb, MD, MPH. “Building on work originally supported by Kaiser Permanente and the Robert Wood Johnson Foundation, the Gravity Project’s new partnership with HL7 will strengthen the capacity for SDOH information exchange between stakeholders, including clinical providers, patients, community organizations and payers.”
The Gravity Project has established a public collaborative process initially focused on three domains: food security, housing stability and quality, and transportation access. The project is working to:
Develop use cases to support documentation for screening, diagnosis, treatment/intervention, and planning activities within EHR and related systems;
Identify common data elements and their associated value sets to support the use cases;
Develop a consensus-based set of recommendations on how best to capture and group these data elements for interoperable electronic exchange and aggregation; and
Develop an HL7 Fast Health Interoperability Resource (FHIR) Implementation Guide based on the defined use cases and associated data sets.
“The AAFP is pleased to act as convener for the Gravity Project and support information interoperability efforts,” said Shawn Martin, senior vice president of advocacy, practice advancement and policy for the American Academy of Family Physicians. “Our vision is to transform health care by addressing the social determinants of health through efforts such as our innovative HealthLandscape geoanalytics platform and The EveryONE Project to help family physicians take action and confront health disparities head-on. The important work of the Gravity Project will advance data exchange and allow family physicians to better care for patients and communities.”
The Blue Cross Blue Shield Association (BCBSA) is an active member of HL7’s initiatives to advance interoperability, and has joined SIREN and AmeriHealth Caritas in co-sponsoring the Gravity Project launch. Additionally, both the BCBS System and AmeriHealth Caritas have several programs in place to address SDOH, including actively collecting SDOH health data, engaging community health workers, providing rides to doctor appointments, and delivering healthy, affordable meals to people’s homes.
“The social and environmental conditions in which we live, such as access to healthy food and housing or reliable transportation, are critical to our health,” said Dr. Trent Haywood, chief medical officer for BCBSA and president of the Blue Cross Blue Shield Institute. “The Gravity Project will help enable the data interoperability that allows the entire health care community to address barriers that limit the ability to achieve optimal health.”
The Gravity Project has convened more than 500 experts from across the nation, from clinical and community-based provider groups and payers to health technology developers and standards stewards, to collaboratively develop recommendations for how best to capture data about food, housing, and transportation risks and needs for interoperable electronic health information exchange.
“AmeriHealth Caritas has been actively collecting social determinants of health data from member households for the past two years to help us better address their needs,” said Andrea Gelzer, MD, senior vice president of medical affairs for AmeriHealth Caritas. “The Gravity Project affirms our collective belief that standardizing the ways in which we all collect data will enable providers, plans, and other supportive agencies to quickly and more strategically mobilize care for the populations we serve.”
Participation in the Gravity Project is open to all interested organizations and individuals.
“We are pleased to coordinate and facilitate an open, transparent, and virtual community via the HL7 suite of collaboration tools,” said Evelyn Gallego, MBA, MPH, CPHIMS, program manager for the Gravity Project, and EMI Advisors CEO. “We invite all interested parties to visit the HL7 Confluence page to learn more about the Gravity Project, including how to become a participant and/or a sponsor of this important endeavor.”
Do you frequently run out of breath or feel winded even when you’re not doing physical exercise? Have you noticed that your heart rate has been out of control lately and that you’re coughing and wheezing much more than normal? Maybe you’ve even noticed that your skin tone looks incredibly pale or flushed with red. All of the things listed above are symptoms of low oxygen.
Our body uses oxygen for cell regeneration, to power our nervous system, and of course, to keep us alive and breathing. If your body isn’t getting the amount of oxygen you need, you’ll see serious consequences — and you need to give supplemental oxygen a try.
But is oxygen therapy really worth it? Read on to learn more about the top oxygen therapy benefits.
Better COPD Management
If you’re among the over 11 million people who have been diagnosed with COPD, then we know that you’re tired of dealing with dizziness, exhaustion, and shortness of breath. You may even be suffering from depression or a decrease in your social life because of your COPD.
One of the biggest oxygen therapy benefits is that it can help you to manage your COPD symptoms. It works by decreasing irregular heartbeats and keeping your pulmonary hypertension much more stable. This way, you can lessen the frequency and intensity of common COPD complications, including heart failure.
A More Intense Workout
Are you looking to take your workout to the next level?
Maybe you’re training for a marathon, trying to get in shape for a big event, or just want to see what you’re capable of. Most types of oxygen therapy can seriously increase both your energy levels and your overall metabolism.
It’s especially popular among distance runners who need to regulate their heartbeat and better control their breathing to help them stay on pace and avoid fatigue. Oxygen helps to promote new cell growth, which can mean faster results and higher overall endurance levels.
Effective and Safe Pain Management
Perhaps one of the biggest benefits of oxygen therapy is that it can serve as a form of pain management — especially for those suffering from severe nerve pain and damage.
If you have auto-immune disorders or another long-term health condition that frequently interferes with your life due to the intensity of the pain it causes you, oxygen therapy is certainly for you. This is likely because oxygen gives your body’s conductive fibers — the parts responsible for transmitting vitamins, hormones, and more through your system — a serious boost.
If you have a wound or a bruise from your illness or simply from an injury, oxygen therapy can help with that, as well. Often, these cuts and bruises last longer because your body can’t “afford” to spend its valuable oxygen supply on healing them faster.
But when you supplement the amount of oxygen your body takes in, you’ll notice things clear up much faster.
It Helps You to Focus
If you’re like most people, you likely have trouble focusing throughout the day. This lack of focus can be due to the foods we eat, our overall lifestyles, or even how interested we are in a particular topic. But many people don’t know that concentration levels are also influenced by the amount of oxygen in your body.
If your brain isn’t getting enough oxygen, it’s not able to carry messages between synapses quickly — and new cells can’t generate as quickly as they should. When you give yourself a boost, you’ll be truly ready to study or listen in during that dull meeting.
Additionally, oxygen therapy can also help you to fall asleep faster and stay asleep throughout the night. This means that you’ll avoid those mid-day crashes. Perhaps you’ll even be able to stop that over-reliance on caffeine.
You’ll Feel Better All-Around
Oxygen therapy also helps you to manage a variety of other health conditions and ensures that you feel your best. (We do want to state, however, that oxygen therapy is not a cure for any kind of illness or disease.)
It can help those suffering from migraines and frequent headaches, reduce swelling in the body and help to improve your overall digestion process.
It’s especially helpful for diabetes sufferers or those who are trying to lose weight, as it ensures that your body can process foods in a way that lets you get the highest possible amount of nutrients.
If you’re interested in trying a detox that doesn’t require you to restrict food, oxygen therapy has the same effect without the nasty juices. It can help to balance out yeast levels, eliminate bacteria, and give you a healthy gut.
Check out this site for tips on what to expect out of your first oxygen therapy session, effective types of oxygen supplementation, and more.
Experience These Oxygen Therapy Benefits for Yourself
Now that you’ve learned more about the importance of oxygenation, we bet that you’re ready to try it out for yourself. The oxygen therapy benefits featured in this post are just a small sampling of what restoring proper oxygen levels in your body can do for you.
Especially if you have COPD or another chronic illness, we do suggest that you speak with a medical professional before beginning any kind of new treatment, including oxygen therapy.
IBM Security released the results of its annual study examining the financial impact of data breaches on organizations. According to the report, the cost of a data breach has risen 12% during the past five years and now costs $3.92 million on average. These rising expenses are representative of the multiyear financial impact of breaches, increased regulation and the complex process of resolving criminal attacks.
The financial consequences of a data breach can be particularly acute for small and midsize businesses. In the study, companies with fewer than 500 employees suffered losses of more than $2.5 million on average – a potentially crippling amount for small businesses, which typically earn $50 million or less in annual revenue.
For the first time this year, the report also examined the longtail financial impact of a data breach, finding that the effects of a data breach are felt for years. While an average of 67% of data breach costs were realized within the first year after a breach, 22% accrued in the second year and another 11% accumulated more than two years after a breach. The longtail costs were higher in the second and third years for organizations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals.
“Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services. “With organizations facing the loss or theft of more than 11.7 billion records in the past three years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line – and focus on how they can reduce these costs.”
Sponsored by IBM Security and conducted by the Ponemon Institute, the annual Cost of a Data Breach Report is based on in-depth interviews with more than 500 companies around the world that suffered a breach over the past year. The analysis takes into account hundreds of cost factors, ranging from legal, regulatory and technical activities to loss of brand equity, customers, and employee productivity. Some of the top findings from this year’s report include:
Malicious Breaches – Most Common, Most Expensive: More than 50% of data breaches in the study resulted from malicious cyberattacks and cost companies $1 million more on average than those originating from accidental causes.
“Mega Breaches” Lead to Mega Losses: While less common, breaches of more than 1 million records cost companies a projected $42 million in losses; and those of 50 million records are projected to cost companies $388 million.
Practice Makes Perfect: Companies with an incident response team that also extensively tested their incident response plan experienced $1.23 million less in data breach costs on average than those that had neither measure in place.
U.S. Breaches Cost Double: The average cost of a breach in the U.S. is $8.19 million, more than double the worldwide average.
Healthcare Breaches Cost the Most: For the 9th year in a row, healthcare organizations had the highest cost of a breach – nearly $6.5 million on average (over 60% more than other industries in the study).
Malicious Breaches Pose a Growing Threat; Accidental Breaches Still Common
The study found that data breaches that originated from a malicious cyberattack were not only the most common root cause of a breach, but also the most expensive.
Malicious data breaches cost companies in the study $4.45 million on average – more than $1 million more than those originating from accidental causes, such as system glitches and human error. These breaches are a growing threat, as the percentage of malicious or criminal attacks as the root cause of data breaches in the report crept up from 42% to 51% over the past six years of the study (a 21% increase).
That said, inadvertent breaches from human error and system glitches were still the cause of nearly half (49%) of the data breaches in the report, costing companies $3.50 million and $3.24 million respectively. These breaches from human and machine error represent an opportunity for improvement, which can be addressed through security awareness training for staff, technology investments, and testing services to identify accidental breaches early on. One particular area of concern is the misconfiguration of cloud servers, which contributed to the exposure of 990 million records in 2018, representing 43% of all lost records for the year according to the IBM X-Force Threat Intelligence Index.
Breach Response Remains Biggest Cost Saver
For the past 14 years, the Ponemon Institute has examined factors that increase or reduce the cost of a breach and has found that the speed and efficiency with which a company responds to a breach have a significant impact on the overall cost.
This year’s report found that the average lifecycle of a breach was 279 days, with companies taking 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. However, companies in the study that were able to detect and contain a breach in less than 200 days spent $1.2 million less on the total cost of a breach.
A focus on incident response can help reduce the time it takes companies to respond, and the study found that these measures also had a direct correlation with overall costs. Having an incident response team in place and extensive testing of incident response plans were two of the top three cost-saving factors examined in the study. Companies that had both of these measures in place had $1.23 million lower total costs for a data breach on average than those that had neither measure in place ($3.51 million vs. $4.74 million).
Additional factors impacting the cost of a breach for companies in the study included:
Number of compromised records: Data breaches cost companies around $150 per record that was lost or stolen.
Companies that fully deployed security automation technologies experienced around half the cost of a breach ($2.65 million average) compared to those that did not have these technologies deployed ($5.16 million average).
Extensive use of encryption was also a top cost-saving factor, reducing the total cost of a breach by $360,000.
Breaches originating from a third party – such as a partner or supplier – cost companies $370,000 more than average, emphasizing the need for companies to closely vet the security of the companies they do business with, align security standards, and actively monitor third-party access.
Regional and Industry Trends
The study also examined the cost of data breaches in different industries and regions, finding that data breaches in the U.S. are vastly more expensive – costing $8.19 million, or more than double the average for worldwide companies in the study. Costs for data breaches in the U.S. increased by 130% over the past 14 years of the study, up from $3.54 million in the 2006 study.
Additionally, organizations in the Middle East reported the highest average number of breached records, with nearly 40,000 breached records per incident (compared to a global average of around 25,500).
For the 9th year in a row, healthcare organizations in the study had the highest costs associated with data breaches. The average cost of a breach in the healthcare industry was nearly $6.5 million – over 60% higher than the cross-industry average.