Survey finds many providers fall short on security preparedness

A significant percentage of hospitals and group practices are struggling to comply with a range of standards for privacy and security.

Acute-care facilities and related group practices routinely deal with multiple types of data or data-related processes that are subject to privacy and security compliance requirements, and only 65 percent of providers report being compliant across a range of standards, according to results of a new survey.

The survey of 360 organizations was conducted by business performance improvement firm Aberdeen Group and supported by Liaison Technologies, which provides a data integration platform that helps companies handle data from various sources.

However, providers are in better shape when it comes to compliance with requirements related to HIPAA—some 85 percent of respondents say they have achieved HIPAA targets for securing protected health information.

That said, more healthcare and life sciences organizations participating in the survey report having at least one data breach and one data non-compliance issue than do organizations in other industries, despite dedicating more of their IT operating budgets to data compliance.

Further, participating providers note that while they believe healthcare is significantly more advanced than other industries in protecting data, they still ranked all elements of their enterprise data lifecycles as immature, with the only exception being data management.


Consequently, a closer look at enterprisewide privacy and security makes a compelling case for providers to reconsider approaches to integrating and managing data-related processes, according to Aberdeen.

The firm’s study on enterprise privacy and security compliance highlights three troubling areas for healthcare organizations: the requirements for compliance are exceedingly complex, current enterprise security initiatives are surprisingly immature, and the results are disappointingly ineffective.

“Although the majority of these requirements have been in place for several years, achieving and reporting certifying compliance with data privacy and security requirements in healthcare is still very much a work in progress,” according to Aberdeen.


For example, fewer than half of surveyed healthcare organizations have effectively assigned primary responsibility for assuring compliance with data and privacy requirements.

Rather than developing an enterprisewide strategy, providers are more likely to appoint a specialized leader to handle compliance, such as a chief information security officer or chief compliance officer.

Consequently, survey respondents believe they have the highest level of maturity in their current capabilities for managing, storing and protecting enterprise data, but they also have the lowest level of maturity in their current capabilities for integrating, ingesting and syndicating enterprise data.

The full report, which also includes results from other industries, is available here.
