Access Control Insufficient: SurveyToo many users access too much information
The survey of 88 healthcare organizations was a subset of a broader poll of 728 organizations in multiple industries, the 2010 Access Governance Trends Survey, by the Ponemon Institute, sponsored by Aveksa Inc.
Access control is growing in importance as organizations attempt to comply with the HITECH Act , which raises penalties for violations of the HIPAA privacy and security rules.
Among the other healthcare-specific findings that Ponemon provided to HealthcareInfoSecurity.com are:
- 61 percent do not have or do not strictly enforce access governance policies.
- 76 percent say they cannot respond quickly enough to changes in employee access requirements.
- 52 percent report they are unable to keep pace with the number of access change requests that come in on a regular basis.
- 64 percent do not immediately check user access requests against security policies before the access is approved and assigned.
- 67 percent said a lack of IT staff was a key problem in enforcing access compliance strategies.
- 61 percent said they don't have enough technologies to manage and govern end-user access to information resources.
- 70 percent reported that adoption of cloud computing could impact users' ability to circumvent existing access policies.
Ponemon, a Traverse City, Mich.-based research firm, concludes "An automated, continuous approach to access governance, rather than reactive or periodic assessment, will reduce both their compliance burden and the threat of insider malfeasance or negligence."