Data breach remediation efforts and their implications for hospital quality

Sung J. Choi, M. Eric Johnson, Christoph U. Lehmann

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

Objective: To estimate the relationship between breach remediation efforts and hospital care quality. Data Sources: Department of Health and Human Services’ (HHS) public database on hospital data breaches and Medicare Compare's public data on hospital quality measures for 2012-2016. Materials and Methods: Data breach data were merged with the Medicare Compare data for years 2012-2016, yielding a panel of 3025 hospitals with 14 297 unique hospital-year observations. Study Design: The relationship between breach remediation and hospital quality was estimated using a difference-in-differences regression. Hospital quality was measured by 30-day acute myocardial infarction mortality rate and time from door to electrocardiogram. Principal Findings: Hospital time-to-electrocardiogram increased as much as 2.7 minutes and 30-day acute myocardial infarction mortality increased as much as 0.36 percentage points during the 3-year window following a breach. Conclusion: Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Thus, breached hospitals and HHS oversight should carefully evaluate remedial security initiatives to achieve better data security without negatively affecting patient outcomes.

Original languageEnglish (US)
Pages (from-to)971-980
Number of pages10
JournalHealth Services Research
Volume54
Issue number5
DOIs
StatePublished - Oct 1 2019
Externally publishedYes

Fingerprint

Medicare
Electrocardiography
Myocardial Infarction
United States Dept. of Health and Human Services
Computer Security
Mortality
Quality of Health Care
Information Storage and Retrieval
Health Services
Patient Care
Databases

Keywords

  • data breach
  • privacy
  • quality of care
  • security

ASJC Scopus subject areas

  • Health Policy

Cite this

Data breach remediation efforts and their implications for hospital quality. / Choi, Sung J.; Johnson, M. Eric; Lehmann, Christoph U.

In: Health Services Research, Vol. 54, No. 5, 01.10.2019, p. 971-980.

Research output: Contribution to journalArticle

@article{dd6932d3939c41a6b5078f904b82f0bc,
title = "Data breach remediation efforts and their implications for hospital quality",
abstract = "Objective: To estimate the relationship between breach remediation efforts and hospital care quality. Data Sources: Department of Health and Human Services’ (HHS) public database on hospital data breaches and Medicare Compare's public data on hospital quality measures for 2012-2016. Materials and Methods: Data breach data were merged with the Medicare Compare data for years 2012-2016, yielding a panel of 3025 hospitals with 14 297 unique hospital-year observations. Study Design: The relationship between breach remediation and hospital quality was estimated using a difference-in-differences regression. Hospital quality was measured by 30-day acute myocardial infarction mortality rate and time from door to electrocardiogram. Principal Findings: Hospital time-to-electrocardiogram increased as much as 2.7 minutes and 30-day acute myocardial infarction mortality increased as much as 0.36 percentage points during the 3-year window following a breach. Conclusion: Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Thus, breached hospitals and HHS oversight should carefully evaluate remedial security initiatives to achieve better data security without negatively affecting patient outcomes.",
keywords = "data breach, privacy, quality of care, security",
author = "Choi, {Sung J.} and Johnson, {M. Eric} and Lehmann, {Christoph U.}",
year = "2019",
month = "10",
day = "1",
doi = "10.1111/1475-6773.13203",
language = "English (US)",
volume = "54",
pages = "971--980",
journal = "Health Services Research",
issn = "0017-9124",
publisher = "Wiley-Blackwell",
number = "5",

}

TY - JOUR

T1 - Data breach remediation efforts and their implications for hospital quality

AU - Choi, Sung J.

AU - Johnson, M. Eric

AU - Lehmann, Christoph U.

PY - 2019/10/1

Y1 - 2019/10/1

N2 - Objective: To estimate the relationship between breach remediation efforts and hospital care quality. Data Sources: Department of Health and Human Services’ (HHS) public database on hospital data breaches and Medicare Compare's public data on hospital quality measures for 2012-2016. Materials and Methods: Data breach data were merged with the Medicare Compare data for years 2012-2016, yielding a panel of 3025 hospitals with 14 297 unique hospital-year observations. Study Design: The relationship between breach remediation and hospital quality was estimated using a difference-in-differences regression. Hospital quality was measured by 30-day acute myocardial infarction mortality rate and time from door to electrocardiogram. Principal Findings: Hospital time-to-electrocardiogram increased as much as 2.7 minutes and 30-day acute myocardial infarction mortality increased as much as 0.36 percentage points during the 3-year window following a breach. Conclusion: Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Thus, breached hospitals and HHS oversight should carefully evaluate remedial security initiatives to achieve better data security without negatively affecting patient outcomes.

AB - Objective: To estimate the relationship between breach remediation efforts and hospital care quality. Data Sources: Department of Health and Human Services’ (HHS) public database on hospital data breaches and Medicare Compare's public data on hospital quality measures for 2012-2016. Materials and Methods: Data breach data were merged with the Medicare Compare data for years 2012-2016, yielding a panel of 3025 hospitals with 14 297 unique hospital-year observations. Study Design: The relationship between breach remediation and hospital quality was estimated using a difference-in-differences regression. Hospital quality was measured by 30-day acute myocardial infarction mortality rate and time from door to electrocardiogram. Principal Findings: Hospital time-to-electrocardiogram increased as much as 2.7 minutes and 30-day acute myocardial infarction mortality increased as much as 0.36 percentage points during the 3-year window following a breach. Conclusion: Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Thus, breached hospitals and HHS oversight should carefully evaluate remedial security initiatives to achieve better data security without negatively affecting patient outcomes.

KW - data breach

KW - privacy

KW - quality of care

KW - security

UR - http://www.scopus.com/inward/record.url?scp=85072033097&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85072033097&partnerID=8YFLogxK

U2 - 10.1111/1475-6773.13203

DO - 10.1111/1475-6773.13203

M3 - Article

C2 - 31506956

AN - SCOPUS:85072033097

VL - 54

SP - 971

EP - 980

JO - Health Services Research

JF - Health Services Research

SN - 0017-9124

IS - 5

ER -