614-322-2222 or 877-770-8324

Data breaches in Healthcare remain a big concern in 2014



Data breaches in Healthcare remain a big concern in 2014

Last month we discussed the high expectations that would be put on healthcare IT this year. Only 2 months into the year and we are already starting to see signs of this, coming after the release of the 2013 HIMSS Security Survey. Our government has gotten involved with initiatives like OCR audits, Meaningful Use and HIPAA Omnibus Rule which encourage increasing healthcare IT budgets and their resources dedicated to securing patient/personal healthcare information (PHI).

The survey itself is a profile of 283 IT and security professionals in healthcare (U.S.) and their data security experiences. Overall, it was determined that the greatest motivator behind data breaches in healthcare is inappropriate data access. For example, healthcare employees accessing the PHI of their neighbors, friends, family, spouses, etc.

Recently there has been an increase in defenses against this, such as user access controls and the logging and auditing of accessed information, but it is still a major issue.

More than half of the respondents (51 percent to be exact) said that their IT budget was increased over the previous year’s budget. However, 49 percent of those organizations are only devoting less than 3 percent of their overall budget toward security.

The survey also revealed some other interesting facts:

-92 percent of organizations conduct a formal risk analysis.

-54 percent of these organizations report having a data breach response plan that has been tested, 63 percent of those actually test their plan annually.

-Surprisingly, 93 percent of organizations report that they are collecting and analyzing data from audit logs.

-To go with the above statistic, healthcare organizations are using methods to track what kind of information is accessed and by whom. 67 percent of organizations are using two methods, user-based and role-based controls.

These are all positive signs that data breaches are being taken more seriously than ever, but there are still short comings that need to be addressed. As mentioned earlier, nearly half (49 percent) of the respondents are still only spending 3 percent or less of their overall IT budget on patient data security. And only 52 percent said that they had a full-time person (CSO, CISO, etc.) that was directly in charge of patient data security.

So healthcare organizations are starting to pick up the slack but there is still a long way to go. Using the help and knowledge of certified vendors in this field is a great way to make sure that you are taking the necessary steps to protect your patient’s data and to indemnify your organization if a breach were to occur.

  • Providing complete “Cradle to Grave” data eradication solutions, sound experience, industry best practices and resources to support you.

  • About An Industry Leader

    TechR2 is the only company in the industry that has earned a US patent for its Track-Contain-Destroy-Verify data security process, is OEM approved, upholds critical ISO certifications, and is recognized for compliance with GDPR, NIST and all governmental regulations concerning data destruction, including ISO 27001, ISO 14001, ISO 9001, and ISO 45001.

  • Why risk it? Get started today!
    Call 614-322-2222 or use this form.