According to the Fourth Annual Benchmark Study on Patient Privacy and Data Security released on March 12 by Ponemon Institute, a privacy and data protection research center, the number and cost of reported healthcare data breaches declined slightly from 2012 to 2013. The report was sponsored by ID Experts, a security consulting company.

The reduction in the number and cost of breaches suggests that healthcare entities are taking notice of the federal government’s recent increased enforcement of the privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), and taking steps to improve their management of sensitive data.

The report found that the increased sharing of patient health information under the Affordable Care Act (ACA) is among the top security concerns for healthcare organizations. The ACA requires, for example, that insurers and other healthcare entities share patient information with state health insurance exchanges. In addition, accountable care organizations and other care coordination models under the ACA require hospitals and other providers to share information with one another.

Employee negligence was the biggest concern for 75% of the report’s respondents. Most organizations now permit employees to use their own laptops and other mobile devices to access patient data stored on the organizations’ computer networks, but many are not confident of the security of these devices.