It seems not a week goes by that we don’t hear about a data loss incident in the healthcare industry, be it a provider or payer. Despite the regular headlines, the number of data breaches in the healthcare industry is on the rise. Healthcare IT News reports that more than 6 million people have been affected by breaches of protected health information since the HITECH Act breach notification went into effect. And in 2010, the Identity Theft Resource Center (ITRC) recorded 160 data breaches in the health/medical category—that’s more than double the 2009 total.
What’s more, data breaches in healthcare cost $301 per record, which is $87 more per record than the average. For more stats on the cost of a data breach, check out the Ponemon Institute’s U.S. Cost of a Data Breach study.
Not surprisingly, healthcare IT pros now recognize they face a problem. A recent survey indicates that 76 percent of healthcare IT decision makers cite breach of confidential information or unauthorized access to clinical applications as their greatest security concerns. And consumers are concerned as well; a recent poll shows that 49 percent believe that electronic health records (EHRs) will negatively impact the privacy of their PHI.
The question then is “what can be done today to protect personal health information and ultimately protect an organization from an embarrassing and costly data breach?” The answer: encryption.
We’ve talked a bit about Why Encryption Matters in past posts. And, if we’ve said it once, we’ll say it a million times: it’s all about the data.
The healthcare industry faces the same data protection challenges that other industries confront on a daily basis. Sure, healthcare organizations have industry-specific regulations with which they must comply, like HIPAA and the HITECH Act; but when you get down to it, every company, no matter the industry, is challenged to protect its data.
Protecting data requires that security be built in, starting with data creation and following data as it is modified, transferred, stored and archived. At the core of data protection is encryption, applied everywhere the data goes.
And, with the ever-increasing movement of information in and out of enterprise boundaries, you can expect the importance of encryption to grow. Already, there are some interesting shifts taking place. Over the last few years, many companies have been focusing on encryption at the endpoints. Because of the increase in breaches through malware, companies are shifting resources to encrypt data inside the data center, rather than just at the endpoints.
How is your organization rolling out encryption technologies?
We’ll be talking more about information protection challenges and trends here at In Defense of Data. So, check back every week and join the conversation. As always, I welcome your comments.