The price of health care privacy violations

Source: the authors
Copyright: the authors
License: Creative Commons Attribution (CC-BY).

By Kevin Manne. Originally published by the University at Buffalo’s School of Management.

BUFFALO, N.Y. — The health care leaders of tomorrow are willing to violate privacy laws—for a price, according to new research from the University at Buffalo School of Management.

Recently published in JMIR Medical Informatics, the study found that when people feel there’s a good chance they could get caught, they’re less likely to violate HIPAA—the federal law restricting the release of medical information. But when medical treatment for their friend or family member is on the line, most will give up another person’s information regardless of the probability of getting caught.

“The health care industry has more insider breaches than any other industry,” says Lawrence Sanders, PhD, professor of management science and systems at the UB School of Management. “Soon-to-be-graduates are the trusted insiders of tomorrow, and their knowledge could be used to compromise organizational security systems.”

The researchers developed five scenarios to determine if monetary incentives could be used to convince people to illegally obtain and release health care information. A pilot study surveyed 64 medical residents and 32 executive MBA candidates to test the constructs, while the main study surveyed 523 students, with an average age of 21 years, on the cusp of entering the workforce.

In the pilot study, just 6% of those surveyed would succumb to monetary incentives to violate medical information privacy laws. But in the main study, 46% said there is a price that is acceptable for violating HIPAA.

When a personal context is involved, the percentages increase dramatically. In the main study, 79% of respondents said they would give a politician’s medical records to a media outlet in exchange for $100,000 to pay for an experimental treatment for their mother that insurance wouldn’t cover.

“The dark side of the abundance of personal information is that it can be compromised by insiders who know how valuable it is,” says Joana Gaia, PhD, clinical assistant professor of management science and systems at the UB School of Management. “The key to reduce privacy violations like these will be to implement organizational procedures, constantly monitor, and develop educational and training programs that encourage HIPAA compliance.”

Sanders and Gaia collaborated on the study with UB School of Management alumni Xunyi Wang, MS ’16, PhD ’20, assistant professor of information systems at the Baylor University Hankamer School of Business, and Chul Woo Yoo, PhD ’14, associate professor of information technology and operations management at the Florida Atlantic University College of Business.

Original article

Gaia J, Wang X, Yoo CW, Sanders GL. Good News and Bad News About Incentives to Violate the Health Insurance Portability and Accountability Act (HIPAA): Scenario-Based Questionnaire Study. JMIR Med Inform 2020;8(7):e15880

DOI: 10.2196/15880

PMID: 32706677
