The price of health care privacy violations

internet information
Credit: CC0 Public Domain

The health care leaders of tomorrow are willing to violate privacy laws—for a price, according to new research from the University at Buffalo School of Management.

Recently published in JMIR Medical Informatics, the study found that when people feel there's a good chance they could get caught, they're less likely to violate HIPAA—the federal law restricting release of medical information. But when for their friend or family member is on the line, most will give up another person's information regardless of the probability of getting caught.

"The health care industry has more insider breaches than any other industry," says Lawrence Sanders, Ph.D., professor of management science and systems in the UB School of Management. "Soon-to-be-graduates are the trusted insiders of tomorrow, and their knowledge could be used to compromise organizational security systems."

The researchers developed five scenarios to determine if monetary incentives could be used to convince people to illegally obtain and release health care information. A surveyed 64 and 32 executive MBA candidates to test the constructs, while the main study surveyed 523 students with an average age of 21 who are on the cusp of entering the workforce.

In the pilot study, just 6% of those surveyed would succumb to monetary incentives to violate medical information privacy laws. But in the main study, 46% said there is a price that is acceptable for violating HIPAA.

When a personal context is involved, the percentages increase dramatically. In the main study, 79% of respondents said they would give a politician's to a media outlet in exchange for $100,000 to pay for an experimental treatment for their mother that insurance wouldn't cover.

"The dark side of the abundance of personal information is that it can be compromised by insiders who know how valuable it is," says Joana Gaia, Ph.D., clinical assistant professor of management science and systems in the UB School of Management. "The key to reduce privacy violations like these will be to implement organizational procedures, constantly monitor, and develop educational and training programs that encourage HIPAA compliance."

Citation: The price of health care privacy violations (2020, July 21) retrieved 18 May 2024 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Researchers identify privacy law gaps in high school STI health services


Feedback to editors