A study published in the Journal of the American Medical Association (JAMA) verified that data breaches of protected health information are on the rise, a trend that will be difficult to reverse in the near future.

Vincent Liu, MD, MS, and colleagues analyzed data breaches of protected health information reported by companies protected under HIPAA. Each breach affected at least 500 individuals and was reported as required by the HITECH Act.

An HHS database lists 949 data breaches of protected health information reported from 2010-2013, affecting a staggering 29.1 million records.

In 2013, there were 265 breaches that affected 9 million records. This is up from 214 breaches and 5.1 records in 2010. There were two breaches in 2013 that affected more than 1 million records all on their own; in 2010, there was one such breach.

When analyzing what caused the breaches, the study found that 49.1% of the breaches in 2013 were caused by theft, down from 65% in 2010. The three other breach categories (loss or improper disposal, unauthorized access or disclosure, hacking or IT incident) all increased.

“Given the rapid expansion in electronic health record deployment since 2012, as well as the expected increase in cloud-based services provided by vendors supporting predictive analytics, personal health records, health-related sensors, and gene sequencing technology, the frequency and scope of electronic health care data breaches are likely to increase,” Liu et al wrote.

Electronic health records and patient engagement have been at the center of many debates in recent months, especially with MU Stage 3 requiring that 25% of patients must view their EHR. Health organizations are scrambling to get up to speed, but not at the expense of security.

Patients must fully buy in for EHRs to be effective, wrote David Blumenthal, MD, MPP, in a JAMA editorial.

“If patients have concerns that their digitized personal health information will be compromised, they will resist sharing it via electronic means, thus reducing its value in their own care and its availability for research and performance measurement,” he wrote in the editorial. “Loss of trust in an electronic health information system could seriously undermine efforts to improve health and health care in the United States.”

Blumenthal also said that policymakers must do more to protect our health information.

“Beyond the adequacy of HIPAA, the security of the nation’s health information systems is inextricably linked to the ability to fend off cyber threats more generally,” Blumenthal said. “National policy on this larger question remains nascent.”