Hospitals and health care organizations will need more than a couple of aspirin to ready themselves for a likely increase in data security headaches this year, suggests the sponsor of a study on the topic.
Industry experts representing health care law, privacy, security, regulatory, and data breach were asked to forecast health care data trends for 2012. The overall consensus? Protecting patients' health information should be viewed as a patient safety issue. If the right actions aren't taken, experts predict, health care data breach will reach epidemic levels this year.
Those predictions mirror other findings in the 2011 Benchmark Study on Patient Privacy and Data Security, by Ponemon Institute, of Traverse City, Mich., which conducts independent research on privacy, data security, and information security policy. Ponemon's study found the frequency of data breaches in health care organizations surveyed increased by 32 percent, costing the U.S. health care industry an average of $6.5 billion.
2011 was the year when most physicians had mobile devices, when health care became one of the most-breached industries, and the Department of Health and Human Services Office for Civil Rights (OCR) cracked the whip with investigations and multimillion-dollar fines for organizations that didn't meet their patient privacy obligations, Ponemon says.
The following are some 2012 predictions in health care data:
Health care organizations won't be immune to data breach risks caused by the spread of mobile devices in the workforce, says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. In the recent study, 81 percent of health care providers said they use mobile devices to collect, store, and transmit some form of patient information. However, 49 percent of those admitted they aren't taking steps to secure their mobile devices.
Class-action litigation firestorms are imminent, says Kirk Nahra, partner, Wiley Rein LLP. Class-action lawsuits will be on the rise in 2012, he says, as patients sue health care organizations for failing to protect their patient information. Last year saw several class-action lawsuits against organizations, some involving business associates, stemming from breached patient data. Regardless of the outcomes, such lawsuits are being touted as a significant risk and tremendous expense for companies affected by them.
Social media risks in health care will grow, says Chris Apgar, CEO and president of Apgar & Associates LLC. As more physicians and health care organizations move to social media to communicate with patients and promote services, the misuse of social media will increase, as will the risk of exposure of patient information. Often, he says, health care organizations don't develop a social media use plan and employees represent a significant risk, potentially exposing patient information through their own personal social network pages.
Cloud computing is not a panacea; technology is outpacing security and creating unprecedented liability risks, says James C. Pyles, principal at Powers Pyles Sutter & Verville PC. With fewer resources, cloud computing is an attractive option for health care providers, especially as health information exchanges increase. However, privacy and legal issues abound, such as compliance with HIPAA privacy and security regulations and allocation of liability when a privacy breach occurs. A covered entity will need to enter into a carefully written business associate agreement with a cloud computing vendor before disclosing health information and should ensure it has cybersecurity insurance to cover costs of a breach.
Growing reliance on business associates will create new risks, says Larry Walker, president of The Walker Company. Economic realities will force health care providers to continue to outsource many of their functions, such as billing, to third parties or business associates. However, business associates are considered the "weak link in the chain" when it comes to data privacy and security. Sixty-nine percent of organizations that participated in the Ponemon study have little or no confidence in their business associates' ability to secure patient data. Third-party mistakes account for 46 percent of data breaches.
Organizations risk reputation fallout, says Rick Kam, president and co-founder of ID Experts and chairman of the American National Standards Institute's "PHI Project," a project to research the financial impact of a health care data breach. Identity theft and medical identity theft resulting from data breach exposure are causing patients financial and emotional harm, often resulting in patients seeking out different medical providers, Ponemon says.
Mobile will explode in health care, says Christina Thielst, health administration consultant and blogger. The use of tablets, smartphones, and tablet applications in health care is growing exponentially. Nearly one-third of health care providers use mobile devices to access electronic medical records or electronic health records systems, according to a CompTIA study. Providers will need to balance usability, preferences, and security and budgetary concerns, as well as adopt written terms of use with employees and contractors using personal devices at work, Ponemon says.
Privacy and security training will be an annual requirement, says Peter Cizik, co-founder and CEO of BridgeFront. Health care organizations have gotten better at putting procedures in place, but staff are still not following them. Because the majority of breaches are caused by human error, not technology failures, targeted training and awareness programs are an effective way to prevent breaches.
Rise in fraudsters will increase fraud risk education, says Jonnie Massey, supervisor at the Special Investigations Unit of Oregon Dental Service Cos. During hard economic times, there are more fraudsters and more opportunities for them to gain or keep a health care benefit they aren't entitled to. Educating those at risk for fraud and communicating consequences may deter someone from stepping over the line or help those at risk avoid becoming victims of health care fraud.
Health care organizations will turn to cyber liability insurance, says Christine Marciano, president of Cyber Data Risk Managers LLC. As health care organizations continue to implement their electronic health records systems, they will consider options to protect themselves and their patients.