Veriphyr Survey Finds More Than 70 Percent of Healthcare Providers Suffered Privacy Breach in Past 12 Months

Leading Source is Employees Snooping into Medical Records

LOS ALTOS, Calif.--(BUSINESS WIRE)-- Veriphyr, a leading provider of Identity and Access Intelligence, today announced the results of new survey on Protected Health Information (PHI) privacy breaches. According to the findings, more than 70 percent of the organizations in the study have suffered one or more breaches of PHI within the last 12 months. Insiders were responsible for the majority of breaches, with 35 percent snooping into medical records of fellow employees and 27 percent accessing records of friends and relatives.

The report, entitled “Veriphyr’s 2011 Survey of Patient Privacy Breaches”, summarizes the findings of a survey of compliance and privacy officers at mid to large sized hospitals and healthcare service providers. Respondents were queried on their perceptions of privacy and compliance initiatives within their organization, adequacy of tools to monitor unauthorized access to PHI, and the number and type of breaches sustained in the past year. A complimentary copy is available here (registration required).

“Given that data breaches of patient information cost healthcare organizations nearly $6 billion annually, we were not very surprised to discover that more than 70 percent of the organizations surveyed were victimized last year,” said Alan Norquist, CEO of Veriphyr. “However, we did not expect the prevalence of insider abuse reported, and that nearly 80 percent of the respondents feel they lack adequate controls to detect PHI breaches in a timely fashion.”

Some of the report’s key findings include:

  • Top breaches in the past 12 months by type:
    • Snooping into medical records of fellow employees (35%)
    • Snooping into records of friends and relatives (27%)
    • Loss /theft of physical records (25%)
    • Loss/theft of equipment holding PHI (20%)
  • When a breach occurred, it was detected in:
    • One to three days (30%)
    • One week (12%)
    • Two to four weeks (17%)
  • Once a breach was detected, it was resolved in:
    • One to three days (16%)
    • One week (18%)
    • Two to Four weeks (25%)
  • 79% of respondents were “somewhat concerned” or “very concerned” that their existing controls do not enable timely detection of breaches of PHI
  • 52% stated they did not have adequate tools for monitoring inappropriate access to PHI

About Veriphyr

Veriphyr is a leading provider of Identity and Access Intelligence (IAI) that enables organizations to discover patient data privacy breaches and inappropriate access to patient data in applications, databases, and systems. The SaaS-based Veriphyr IAI solution applies advanced data analytics to transform identity, rights, and activity data into actionable intelligence for business management in privacy, compliance, and security. It starts delivering intelligence in days not months, since there’s no hardware or software to install or systems integration required. Veriphyr analyzes commercial and custom applications across a range of systems, including mainframe, midrange, Linux/Unix, and Windows servers. For more information visit, browse, and follow us on Twitter at

Veriphyr is a trademark of Veriphyr, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.


Marc Gendron PR
Marc Gendron, 781-237-0341
[email protected]

KEYWORDS:   United States  North America  California

INDUSTRY KEYWORDS:   Technology  Data Management  Networks  Software  Security  Health  General Health