Although long required under the HIPAA security rule and part of the criteria for meaningful use incentives, one-third of recently surveyed physician practices and 14 percent of surveyed hospitals do not conduct a regular security risk analysis of their electronic health information.

That's one finding from the Healthcare Information and Management Systems Society's 2010 HIMSS Security Survey, now in its third year. Intel Corp. sponsored the survey, and the Medical Group Management Association encouraged physician participation. Results come from 272 information security professionals who participated in the Web-based survey between Sept. 10 and Oct. 8. Among the results:

* Seventeen percent of responding practices and 38 percent of hospitals have had at least one known case of medical identity theft,

* Two-thirds of all respondents have a plan in place to response to breaches,

* On a scale of one to seven, with seven a high level of maturity, respondents gave an average score of 4.43 for their organization's security environment,

* More than half of responding hospitals and 40 percent of practices use two or more types of data access controls, and

* Mobile device encryption, e-mail encryption and single-sign-on are the top planned security technologies for organizations currently without those technologies.

The full survey is available at himss.org/ASP/researchHome.asp.

--Joseph Goedert

 

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access