Access Control Insufficient: Survey

Too many users access too much information
Access Control Insufficient: Survey
About 89 percent of healthcare organizations say users have too much access to information resources that are not pertinent to their roles, a new small survey shows.

The survey of 88 healthcare organizations was a subset of a broader poll of 728 organizations in multiple industries, the 2010 Access Governance Trends Survey, by the Ponemon Institute, sponsored by Aveksa Inc.

Access control is growing in importance as organizations attempt to comply with the HITECH Act , which raises penalties for violations of the HIPAA privacy and security rules.

Among the other healthcare-specific findings that Ponemon provided to are:

  • 61 percent do not have or do not strictly enforce access governance policies.
  • 76 percent say they cannot respond quickly enough to changes in employee access requirements.
  • 52 percent report they are unable to keep pace with the number of access change requests that come in on a regular basis.
  • 64 percent do not immediately check user access requests against security policies before the access is approved and assigned.
  • 67 percent said a lack of IT staff was a key problem in enforcing access compliance strategies.
  • 61 percent said they don't have enough technologies to manage and govern end-user access to information resources.
  • 70 percent reported that adoption of cloud computing could impact users' ability to circumvent existing access policies.

Ponemon, a Traverse City, Mich.-based research firm, concludes "An automated, continuous approach to access governance, rather than reactive or periodic assessment, will reduce both their compliance burden and the threat of insider malfeasance or negligence."

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.