Survey: 19% of Hospitals Have Had a Breach
Unauthorized internal access most common
Nearly two-thirds of those reporting a breach said the source was unauthorized access to information by an individual employed by the organization at the time of the incident.
Some 79 percent of respondents that had experienced a breach said they provided increased training for employees, compared to only 34 percent who said they made changes to their security policies and procedures.
HIMSS Analytics, the research unit of the Healthcare Information and Management Systems Society, Chicago, conducted the survey in December 2009 as a follow-up to a similar poll in April 2008. Kroll Fraud Solutions, Nashville, Tenn., commissioned both surveys.
Checklist mentality?
The study shows that "security practices in place continue to overemphasize a checklist mentality for compliance without implementing more comprehensive and sustainable changes," according to the executive summary. It notes that "hospitals appear to be focusing on how to handle a breach after it has taken place, rather than focusing on risk assessments." Other survey highlights include:
- Some 31 percent say "lack of attention by staff to security policy" was most likely to put patient information at risk at their organization, followed by "improper IT security practices in place," cited by 26 percent.
- In the past six months, 76 percent said they had implemented technical IT security measures, such as firewalls or use of encrypted e-mails. Some 72 percent had implemented physical security measures, such as locks or badge access, and 70 percent had updated their security policies and procedures.
- Only one-third of respondents said the individual responsible for patient data security is a chief security officer, chief privacy officer or chief compliance officer. Some 23 percent said the health information management (medical records) director had the responsibility.
Half of the respondents to the survey, "2010 HIMSS Analytics Report: Security of Patient Data," work at hospitals with fewer than 100 beds. The most common title of those surveyed was health information management director or manager. HIMSS Analytics based the survey on a random sample of its own database of U.S. hospitals.