Despite efforts to update security environments, hospital data continues to be at serious risk, according to the 2010 HIMSS Analytics Report: Security of Patient Data.

The report, a biannual survey of 250 healthcare professionals worldwide, found critical gaps in data security despite new regulatory activity, including the implementation of Red Flags Rule and HITECH Act. Additionally, the study discovered that hospitals take a reactive approach rather than a proactive one when it comes to data breaches.

Listed below are a few key points from the study:

• The number of healthcare facilities that reported a breach that requires notification increased to 19 percent in 2010 from 13 percent in 2008, a 6 point increase.
• Despite penalties for HITECH violations reaching as high as $1.5 million, healthcare organizations continue to underestimate the high costs of a data breach
• Most respondents said malicious intent is “less likely” to be the cause of breaches
  • 66 percent said a breach occurred when an employee looked at information of which the employee did not have authorized access (source of the breach was unauthorized access to information by an individual employed by the organization at the time of the breach)
  • 11 percent said data was compromised when a laptop, computer hard drive or handheld device was lost or stolen

• When asked to rate their level of preparedness for a future security breach, respondents from organizations having experience a breach cited a preparedness level of 6.06 (on a scale of 1-7, with seven being the most prepared)

• 87 percent of respondents reported that they have policies in place to monitor access and sharing of electronic health information; however, research reflects that 84 percent of healthcare breaches since 2003 were due to incidents such as lost or stolen laptops, improper disposal of documents, stolen backup tapes, etc.

• 38 percent of respondents believe patient satisfaction is the primary impact of a data breach, while 15 percent cited the financial costs, down from 18 percent in 2008

• 60 percent said they required third party vendors to provide proof of employee training and half indicated that they required their third party vendors to provide proof of employee background checks

• 80 percent of academic medical centers reported that they require proof of a vendor’s employee training, while 48 percent of critical access hospital respondents report such due diligence

For additional information, click here.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content