“Embrace cyber insurance,” says a report exploring the lessons to be learned from health care data breaches issued Thursday by the Brookings Institution.

The report by the Washington-based public policy organization says data breaches, which have exposed the medical data of more than 155 million Americans over the past six years, “now threaten the core businesses of hospitals.”

While human error is the leading cause of the majority of breaches analyzed, other factors outside of an organization may hinder privacy protection efforts, according to the report, which is based on 22 in-depth interviews of key personnel conducted between Jan. 1 and March 15 at a variety of health care providers.

These factors include the “outdated” Health Insurance Portability and Accountability Act of 1996, which “falls short of addressing modern cyber security standards”; medical device manufacturers' failure to ensure the security of their products and instead transfer their responsibility to health care organizations; and the “very punitive” process that is initiated by the Office for Civil Rights at the U.S. Department of Health and Human Services when a data breach occurs.

The report's recommendations include that health care organizations should purchase cyber insurance, which it says “can fundamentally improve how patient privacy is viewed and managed” in the sector.

“To underwrite the privacy risk of health care organizations, cyber insurance companies will be willing and able to conduct timely and efficient audits and proactively manage their clients' privacy protection efforts,” the report says.

Other recommendations include prioritizing patient privacy and using available resources to protect it; better communication among health organizations and between health care organizations and federal agencies; better communication of the details of breach incident audits; and establishing a universal HIPAA certification system.

The report, “Hackers, Phishers, and Disappearing Thumb Drives: Lessons Learned from Major Health Care Data Breaches,” was prepared by Niam Yaraghi, a fellow in the Brookings Institution's Center for Technology Innovation.