A survey of senior managers at 65 provider organizations finds that a significant number of organizations cannot properly secure patient data. Nor do their organizations perceive it to be a priority.

Respondents at 71 percent of the surveyed provider facilities (hospitals, delivery systems and physician practices) reported inadequate resources, a lack of appropriately trained personnel (52 percent) and insufficient policies and procedures (69 percent) to detect or prevent breaches.

Traverse City, Mich.-based Ponemon Institute, a research firm focusing on privacy, data protection and information security policy, conducted the survey, which included interviews with 211 senior managers at the 65 organizations. The survey focused on adherence to HITECH Act privacy and security requirements. ID Experts, a Portland, Ore.-based data breach prevention and remediation firm, paid for the survey.

The Ponemon Institute calls the results a "benchmark study" and estimates data breaches cost the industry nearly $6 billion each year. But the institute, while stating its belief that the results are representative, also is quick to urge caution in interpreting the findings. "We fully acknowledge that our sample size is small and, hence, the ability to generalize findings about organizational size, organizational type and program maturity is limited," according to the report. "Great care should be exercised before attempting to generalize these findings to the population of all healthcare providers."

None-the-less, the findings are troublesome:

* Protecting patient information is not a top priority at 70 percent of responding hospitals. Two-thirds of organizations have less than two staff dedicated to data protection management.

* The patient billing and medical records departments are the most susceptible to data loss or theft.

* HITECH has exposed lax protection rather than improved protection. Some 71 percent of respondents do not believe the law's regulations have significantly changed practices for managing patient records.

* According to Ponemon Institute, the findings indicate that a significant number of data breaches go undetected and therefore unreported.

The report, "Benchmark Study on Patient Privacy and Data Security," is free and available here.

--Joseph Goedert


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access