News Feature | March 3, 2014

Survey Shows Provider Progress In HIT Security

Source: Health IT Outcomes
Katie Wike

By Katie Wike, contributing writer

HIT Security Progress

Despite increased use of security and analytics, a recent HIMSS Survey found electronic health data breaches remain the primary concern of HIT and security professionals

The 2013 HIMSS Security Survey used the data experiences of more than 250 health information technology and security employees to analyze the progress made by providers and understand the threats which motivate them. HIMSS, along with the Medical Group Management Association and Experian Data Breach Resolution, found provides have made an increased effort to prevent security breaches in the last year.

The survey yielded mixed results, however, with Modern Healthcare reporting that while 51 percent of respondents said their organizations had increased budgeted spending on security, 49 percent reported they spent 3 percent or less of their overall IT budgets on it.

Organizations have made greater efforts to prevent theft, according to iHealth Beat, which notes:

  • 92 percent of respondents conducted a formal risk analysis
  • 66 percent used two or more access control products
  • 54 percent tested their breach response plan
  • 50 percent employed a full-time worker responsible for protecting patient data

Despite this, 19 percent of respondents said their organization experienced a security breach and 12 percent of respondents said their organization had experienced at least one case of medical identity theft.

Michael Bruemmer, Vice President for Experian Data Breach Resolution, said in an HIMSS press release, “Though progress is noticeable, it is critical that healthcare organizations put in place a comprehensive plan that addresses potential security threats – whether internal or external – to prevent electronic health data breaches and minimize the impact of a breach should one occur.”

The survey also found:

  • Only 17 percent of respondents said their organization encrypts data on mobile medical devices and biometric technology
  • Organizations reported an average score of 4.35 regarding the maturity of the security environment (where 1 is not at all mature and 7 is highly mature)
  • 52 percent of the hospital-based respondents reported that they had a CSO, CISO or other full-time leader in charge of security of patient data

According to Becker’s Hospital Review, the top motivations behind a cyberattack or other intentional breach of patients' protected health information included:

  • Hospital employees snooping: 80 percent
  • Financial identity theft: 67 percent
  • Medical identity theft: 51 percent
  • Outsourced personnel snooping: 23 percent
  • Cyberterrorism: 16 percent
  • Black market activities: 11 percent
  • Intellectual property theft: 8 percent
  • Business espionage: 4 percent
  • Other: 2 percent

“Healthcare organizations are increasingly deploying technologies to increase data security, but continued analysis is crucial in ensuring the proactive prevention of data breaches within hospitals and physician practices,” said Lisa Gallagher, vice president of technology solutions for HIMSS. “Without these anticipatory measures, security of patient data will remain a core challenge within our nation's healthcare organizations.”

Want to publish your opinion?
Contact us to become part of our Editorial Community.