The price of health care privacy violations

Nurse reviewing medical records.

Release Date: July 20, 2020

Print
“The dark side of the abundance of personal information is that it can be compromised by insiders who know how valuable it is. ”
University at Buffalo School of Management

BUFFALO, N.Y. — The health care leaders of tomorrow are willing to violate privacy laws—for a price, according to new research from the University at Buffalo School of Management.

Recently published in JMIR Medical Informatics, the study found that when people feel there’s a good chance they could get caught, they’re less likely to violate HIPAA—the federal law restricting release of medical information. But when medical treatment for their friend or family member is on the line, most will give up another person’s information regardless of the probability of getting caught.

“The health care industry has more insider breaches than any other industry,” says Lawrence Sanders, PhD, professor of management science and systems in the UB School of Management. “Soon-to-be-graduates are the trusted insiders of tomorrow, and their knowledge could be used to compromise organizational security systems.”

The researchers developed five scenarios to determine if monetary incentives could be used to convince people to illegally obtain and release health care information. A pilot study surveyed 64 medical residents and 32 executive MBA candidates to test the constructs, while the main study surveyed 523 students with an average age of 21 who are on the cusp of entering the workforce. 

In the pilot study, just 6% of those surveyed would succumb to monetary incentives to violate medical information privacy laws. But in the main study, 46% said there is a price that is acceptable for violating HIPAA. 

When a personal context is involved, the percentages increase dramatically. In the main study, 79% of respondents said they would give a politician’s medical records to a media outlet in exchange for $100,000 to pay for an experimental treatment for their mother that insurance wouldn’t cover.

“The dark side of the abundance of personal information is that it can be compromised by insiders who know how valuable it is,” says Joana Gaia, PhD, clinical assistant professor of management science and systems in the UB School of Management. “The key to reduce privacy violations like these will be to implement organizational procedures, constantly monitor, and develop educational and training programs that encourage HIPAA compliance.”

Sanders and Gaia collaborated on the study with UB School of Management alumni Xunyi Wang, MS ’16, PhD ’20, assistant professor of information systems in the Baylor University Hankamer School of Business, and Chul Woo Yoo, PhD ’14, associate professor of information technology and operations management in the Florida Atlantic University College of Business.

The UB School of Management is recognized for its emphasis on real-world learning, community and economic impact, and the global perspective of its faculty, students and alumni. The school also has been ranked by Bloomberg Businessweek, Forbes and U.S. News & World Report for the quality of its programs and the return on investment it provides its graduates. For more information about the UB School of Management, visit mgt.buffalo.edu.

Media Contact Information

Contact
Kevin Manne
Assistant Director of Communications
School of Management
716-645-5238
kjmanne@buffalo.edu