
Kroll Publishes Report On Healthcare Data Security

Kroll : 06 April, 2010  (New Product)
Security of Patient Data report investigates the current state of security in healthcare and examines the requirements that the industry needs to meet as it moves towards the use of electronic health records
As the healthcare industry prepares for a major shift to electronic health records (EHRs) over the next several years, a new bi-annual report provides data that shows that providers are still having difficulty adequately securing patient data in a rapidly changing landscape. The 2010 HIMSS Analytics Report: Security of Patient Data indicates that healthcare organizations are actively taking steps to ensure that patient data is secure. However, these efforts appear to be more reactive than proactive, as hospitals dedicate more resources toward breach response vs. breach prevention through Risk Management activities. The report, which surveys healthcare organizations nationwide, was commissioned by Kroll Fraud Solutions, a leading provider of data protection and identity theft response services.

"The results of the latest study are bittersweet to say the least," said Brian Lapidus, chief operating officer for Kroll Fraud Solutions. "On one hand, healthcare organizations are demonstrating increased awareness of the state of patient data security as a result of heightened regulatory activity and increased compliance. On the other, organizations are so afraid of being labeled 'noncompliant' that they overlook the bigger elephant in the room, the still-present risk and escalating costs associated with a data breach. We need to shift the industry focus from a 'check the box' mentality around compliance to a more comprehensive, sustained look at data security."

When the 2008 HIMSS Analytics Report: Security of Patient Data was released in April 2008, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was the primary regulatory requirement dominating the healthcare space. At the time, the study suggested that HIPAA's focus on medical privacy fostered a significant lack of awareness among healthcare providers around the frequency, cause and seriousness of patient identity theft. According to the latest study, the same is true in 2010, despite the flurry of regulatory activity around patient data security over the past two years and the severe financial penalties these laws impose.

Key report findings include:

* Despite new regulatory activity, including the implementation of the Red Flags Rule and the HITECH Act, and increased compliance among healthcare providers, the reporting of healthcare breaches is on the rise.

- The majority of survey participants indicated that they were compliant with existing laws and regulations.
- The number of healthcare organizations that reported a breach increased by six percent in 2010 to 19 percent of total respondents - up from 13 percent in 2008.
- When asked to rate their level of "preparedness" for a future security breach, respondents from organizations having experienced a breach cited a preparedness level of 6.06 (on a scale of 1-7, with 7 being most prepared).

* Healthcare organizations continue to underestimate the high costs of a data breach, despite the fact that penalties for HITECH violations can reach as high as $1.5 million.

- Patient satisfaction was most frequently cited as the primary impact of a data breach on their organization (38 percent), while only 15 percent cited the financial costs - down from 18 percent in 2008.

* Healthcare organizations continue to think of data security in specific silos (IT, employees, etc.) and not as an organization-wide responsibility, which creates unwanted gaps in policies and procedures.

- 87 percent of respondents indicated that they have policies in place to monitor access and sharing of electronic health information, yet research shows that 84 percent of healthcare breaches since 2003 were due to "low tech" incidents such as lost or stolen laptops, improper disposal of documents, stolen backup tapes, etc.
- 60 percent of respondents said they required third party vendors to provide proof of employee training and only half indicated that they required third party vendors to provide proof of employee background checks. As organizations prepare for the broader sharing of electronic health records across massive networks of providers, payors, state and federal repository systems, third party involvement is only expected to increase in the coming years.

"We'd still like to see increasing maturity of data security function - from a checklist compliance approach to an organization-wide Risk Management approach," said Lisa Gallagher, senior director of privacy and security for HIMSS. "We'd like to see recognition of security risk as a business risk and have the function appropriately supported and resourced by executive management. The healthcare environment is only going to become more complex over time with the emphasis on health information exchange and new technology approaches such as cloud computing."

The 2010 HIMSS Analytics Report also noted significant differences between security policies and procedures by hospital type. Critical access facilities lagged behind general medical/surgical facilities and academic medical centers in several key areas, including:

* Monitoring Electronic Patient Health Information Access and Sharing: 74 percent of respondents from critical access hospitals said their organization has such policies in place, as compared with 100 percent of academic medical center respondents and 95 percent of general medicine/surgical.
* Auditing Processes for Sharing Patient Data with Outside Entities: 61 percent of respondents from critical access hospitals reported conducting regular audits, as compared to 90 percent from academic medical centers and 80 percent from general medicine/surgical hospitals.

Survey Methodology: A total of 250 healthcare industry professionals participated in this research conducted in December 2009. They included Health Information Management (HIM) managers (45 percent), senior information technology (IT) executives (25 percent), compliance and privacy officers (25 percent), chief security officers (4 percent) and others associated with information management (1 percent). Most respondents were from small to mid-sized healthcare facilities.