Paper and film records are the most common location of data breaches in hospitals, according to a study published in The American Journal of Managed Care.

Researchers analyzed statistics on data breaches reported to the HHS Office of Civil Rights from 2009 to 2016, alongside hospital characteristics from the Health Information Management Systems Society and the American Hospital Association databases. All healthcare data breaches reported to the OCR affected more than 500 patients.

Hospitals comprised roughly one-third of all healthcare breaches, according to the study. Paper- and film-based records, rather than electronic records, comprised 65 percent of hospital data breaches. Network servers were the least common location of breached data, although their breaches affected the greatest number of patients.

The researchers determined a hospital's health IT sophistication and biometric security capabilities were not associated with decreased incidence of data breaches.

"Hospitals should conduct routine audits to allow them to see their vulnerabilities before a breach occurs," the study authors said. "Additionally, information security systems should be implemented concurrently with health information technologies. Improving access control and prioritizing patient privacy will be important steps in minimizing future breaches."