HIMSS Survey Assesses State of Provider Data Security
Hospitals and physician practices are adding technology to prevent snooping into electronic records by health care workers.
Results from the 2013 HIMSS Security Survey find hospitals and physician practices are adding technology to prevent snooping into electronic records by health care workers.
The insider threat remains a major threat, according to 283 information technology and information security professionals responding to the survey, which the Medical Group Management Association helped support and Experian Data Breach Resolution sponsored.
Two-thirds of responding organizations are using two or more access control products to ensure only appropriate users are accessing protected health information and to log and track access. In particular, 78 percent use role-based access controls.
But there remain huge gaps in data protection among survey respondents. Only 17 percent were encrypting data on mobile medical devices and investments in biometric technology and public key infrastructure remains limited. Nineteen percent of respondents had a known security breach in 2012 and 12 percent had at least one known case of medical identity theft. Fifty-four percent tested their breach response plan last year. On a 1-7 scale of the maturity of an organizations security environment, the average self-assessed score was 4.35.
Other survey results include:
* Ninety-two percent of respondents conducted a risk analysis last year, with the percentage of physician practices taking that step rising from 65 percent in 2012 to 78 percent.
* More than half reported an increase in the security budget during 2013, but half of respondents spend three percent or less of the I.T. budget on security.
* About half of responding hospitals have a full-time employee responsible for the security of patient data.
Full survey results are available here.
The insider threat remains a major threat, according to 283 information technology and information security professionals responding to the survey, which the Medical Group Management Association helped support and Experian Data Breach Resolution sponsored.
Two-thirds of responding organizations are using two or more access control products to ensure only appropriate users are accessing protected health information and to log and track access. In particular, 78 percent use role-based access controls.
But there remain huge gaps in data protection among survey respondents. Only 17 percent were encrypting data on mobile medical devices and investments in biometric technology and public key infrastructure remains limited. Nineteen percent of respondents had a known security breach in 2012 and 12 percent had at least one known case of medical identity theft. Fifty-four percent tested their breach response plan last year. On a 1-7 scale of the maturity of an organizations security environment, the average self-assessed score was 4.35.
Other survey results include:
* Ninety-two percent of respondents conducted a risk analysis last year, with the percentage of physician practices taking that step rising from 65 percent in 2012 to 78 percent.
* More than half reported an increase in the security budget during 2013, but half of respondents spend three percent or less of the I.T. budget on security.
* About half of responding hospitals have a full-time employee responsible for the security of patient data.
Full survey results are available here.
More for you
Loading data for hdm_tax_topic #reducing-cost...