One security expert estimates that one in three Americans had their personal health information exposed in 2015, a year that saw four of the five largest health network breaches in history.

The largest health care privacy breach in Ohio occurred in Springfield late last year when a contractor working for Community Mercy Health Partners inadvertently disposed of more than 113,000 medical records in a public recycling bin.

A 2009 law was supposed to strengthen government oversight of health care providers, but at least one of its key provisions hasn’t been implemented and the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) was called out by its Inspector General last year for not being proactive enough.

Since then, health care providers have reported more than 1,400 large breaches that involved more than 500 individuals, affecting more than 155 million people. The office has also investigated more than 125,000 smaller breaches and complaints.

Many in the industry point out that big data and health care have only been synonymous for about the past five years, meaning the systems and enforcement are still growing and maturing.

“Having a wealth of cyber data is recent for health care,” said Ann Patterson, senior vice president and program director for the Medical Identity Fraud Alliance.

Hospitals haven’t been out front in terms of innovating to protect against fraud like banks were several decades ago, experts said, but it’s a much more complex industry.

In most cases, especially those involving hacking, organizations don’t have a willful disregard of the law. OCR looks to see that all efforts have been made to follow procedures and correct errors.

Some patients affected by local breaches said they were left with more questions than answers. “A letter’s not going to save my kids from identity theft,” Lisa Cornelison said.

Medical identity fraud can be particularly harmful, Patterson said.

Patients can find that someone who accessed their insurance information has maxed out their coverage limits for the year. A victim’s medical information can become co-mingled with the thief’s as well, such as wrong blood types or allergies listed.

“Over 20 percent of medical identity theft victims experience some form of negative health outcome,” Patterson said.

Click here to read the full article.

February 4, 2016 By Katie Wedell, Springfield News-Sun