Encryption and the Loss of Patient Data

Miller, Amalia R.; Tucker, Catherine E.

Author(s)

Tucker, Catherine Elizabeth; Miller, Amalia R.

DownloadTucker_Encryption and the loss.pdf (339.9Kb)

OPEN_ACCESS_POLICY

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike 3.0 http://creativecommons.org/licenses/by-nc-sa/3.0/

Metadata

Show full item record

Abstract

Fast-paced IT advances have made it increasingly possible and useful for firms to collect data on their customers on an unprecedented scale. One downside of this is that firms can experience negative publicity and financial damage if their data are breached. This is particularly the case in the medical sector, where we find empirical evidence that increased digitization of patient data is associated with more data breaches. The encryption of customer data is often presented as a potential solution, because encryption acts as a disincentive for potential malicious hackers, and can minimize the risk of breached data being put to malicious use. However, encryption both requires careful data management policies to be successful and does not ward off the insider threat. Indeed, we find no empirical evidence of a decrease in publicized instances of data loss associated with the use of encryption. Instead, there are actually increases in the cases of publicized data loss due to internal fraud or loss of computer equipment.

Date issued

2011-05

URI

http://hdl.handle.net/1721.1/75854

Department

Sloan School of Management

Journal

Journal of Policy Analysis and Management

Publisher

Wiley Blackwell

Citation

Miller, Amalia R., and Catherine E. Tucker. “Encryption and the Loss of Patient Data.” Journal of Policy Analysis and Management 30.3 (2011): 534–556.

Version: Author's final manuscript

ISSN

0276-8739

1520-6688

Collections

MIT Open Access Articles

DSpace@MIT