TY  - JOUR
AU  - Lee, Jinhyung
AU  - Choi, Sung J
PY  - 2021
DA  - 2021/7/6
TI  - Hospital Productivity After Data Breaches: Difference-in-Differences Analysis
JO  - J Med Internet Res
SP  - e26157
VL  - 23
IS  - 7
KW  - cybersecurity
KW  - data breach
KW  - health information technology
KW  - health information
KW  - hospital data breach
KW  - hospital productivity
KW  - information technology
KW  - privacy
AB  - Background: Data breaches are an inevitable risk to hospitals operating with information technology. The financial costs associated with data breaches are also growing. The costs associated with a data breach may divert resources away from patient care, thus negatively affecting hospital productivity. Objective: After a data breach, the resulting regulatory enforcement and remediation are a shock to a hospital’s patient care delivery. Exploiting this shock, this study aimed to investigate the association between hospital data breaches and productivity by using a generalized difference-in-differences model with multiple prebreach and postbreach periods. Methods: The study analyzed the hospital financial data of the California Office of Statewide Health Planning and Development from 2012 to 2016. The study sample was an unbalanced panel of hospitals with 2610 unique hospital-year observations, including general acute care hospitals. California hospital data were merged with breach data published by the US Department of Health and Human Services. The dependent variable was hospital productivity measured as value added. The difference-in-differences model was estimated using fixed effects regression. Results: Hospital productivity did not significantly differ from the baseline for 3 years after a breach. Data breaches were not significantly associated with a reduction in hospital productivity. Before a breach, the productivity of hospitals that experienced a data breach maintained a parallel trend with control hospitals. Conclusions: Hospital productivity was resilient against the shocks from a data breach. Nonetheless, data breaches continue to threaten hospitals; therefore, health care workers should be trained in cybersecurity to mitigate disruptions. 
SN  - 1438-8871
UR  - https://www.jmir.org/2021/7/e26157
UR  - https://doi.org/10.2196/26157
UR  - http://www.ncbi.nlm.nih.gov/pubmed/34255672
DO  - 10.2196/26157
ID  - info:doi/10.2196/26157
ER  -