Since 2011, Medicare and Medicaid providers have received nearly $32 billion in financial incentives for becoming “meaningful users” of electronic health records (EHRs). Such incentives are being paid by the federal government with the hopes of enabling wide-spread interoperability of EHR systems in order to allow for improvements in health care delivery and (eventually) cost savings. However, with more than 74 percent of physicians and 95 percent of hospitals now using EHRs, virtually every American is at risk of having their health and personal information breached, and hackers are clearly finding EHRs more valuable. The chart below shows the increase in hacking/IT incidents both in numerical counts and as a percentage of all EHR breaches that occur in a given year.[1] In the past few weeks, there have been numerous reports of various health care entities’ EHR systems being hacked and their records being held for ransom. The inability to access patients’ records can be logistically debilitating, causes significant amounts of money to be wasted repeating tests, and puts patients’ health at risk. EHRs are supposed to lead to cost savings, but significantly more resources are going to need to be invested in health information security. In a recent survey, 52 percent of hospital information and security personnel reported that their organization spent less than 3 percent of their information technology (IT) budget on IT security.

[1] Breaches may result from a hacking/IT incident, improper disposal, unauthorized access/disclosure, loss, or theft of information.