Data breach remediation efforts and their implications for hospital quality

Health Serv Res. 2019 Oct;54(5):971-980. doi: 10.1111/1475-6773.13203.


Objective: To estimate the relationship between breach remediation efforts and hospital care quality.

Data sources: Department of Health and Human Services' (HHS) public database on hospital data breaches and Medicare Compare's public data on hospital quality measures for 2012-2016.

Materials and methods: Data breach data were merged with the Medicare Compare data for years 2012-2016, yielding a panel of 3025 hospitals with 14 297 unique hospital-year observations.

Study design: The relationship between breach remediation and hospital quality was estimated using a difference-in-differences regression. Hospital quality was measured by 30-day acute myocardial infarction mortality rate and time from door to electrocardiogram.

Principal findings: Hospital time-to-electrocardiogram increased as much as 2.7 minutes and 30-day acute myocardial infarction mortality increased as much as 0.36 percentage points during the 3-year window following a breach.

Conclusion: Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Thus, breached hospitals and HHS oversight should carefully evaluate remedial security initiatives to achieve better data security without negatively affecting patient outcomes.

Keywords: data breach; privacy; quality of care; security.

Publication types

  • Research Support, U.S. Gov't, Non-P.H.S.

MeSH terms

  • Computer Security / standards*
  • Computer Security / statistics & numerical data*
  • Confidentiality / standards*
  • Electronic Health Records / standards*
  • Electronic Health Records / statistics & numerical data
  • Hospitals / standards*
  • Hospitals / statistics & numerical data
  • Humans
  • Medicare / standards*
  • Medicare / statistics & numerical data
  • Quality of Health Care / standards*
  • Quality of Health Care / statistics & numerical data
  • United States