HIMSS Analytics: To err on data security is human
In a report commissioned by Kroll Advisory Solutions, Chicago-based HIMSS Analytics found a steady rise in data breaches over the last six years, despite increasingly stringent regulatory activity surrounding reporting and auditing procedures, as well as heightened levels of compliance.
Seventy-nine percent of respondents incurred a breach reported by an employee. “Fifty-six percent of respondents indicated the source of the breach was unauthorized access to information by an individual employed by the organization at the time of breach,” the report added.
A total of 250 respondents were surveyed regarding the status of patient data safety at their hospitals. “The mobility of patient data—made possible by new technologies and the proliferation of mobile devices in the workplace—is a leading factor in healthcare data breaches,” the report found.
Additionally, the report, “2012 HIMSS Analytics Report: Security of Patient Data,” found the industry’s expectations of third-party data security practices are not keeping pace with the increased outsourcing of patient data as third-party data breaches rise.
In 2012, 27 percent of all respondents to the survey indicated their organization has had a security breach in the past 12 months (up from 19 percent in 2010 and 13 percent in 2008); of those who reported a breach, 69 percent experienced more than one, the report found. Eighteen percent were not aware of whether or not their organization had actually experienced a data breach in the past 12 months.
However, the positive impact of the growing number of breaches, according to the report, is a growing level of awareness around the state of patient data security. “[T]here is cause for concern as…the security practices in place continue to overemphasize a ‘checklist’ mentality for compliance without implementing more comprehensive and sustainable changes needed for meaningful improvements in the day-to-day handling of patient personal health information and patient identity integrity,” the report added.
On the whole, individuals responding to the 2012 survey reported they were better prepared for a breach than two years ago, the report noted positively. However, 18 percent of respondents who experienced a breach in the past 12 months cited third parties as the source, and 28 percent indicated that sharing information with external parties is the top item that put patient data at risk (up from 18 percent in 2010 and 6 percent in 2008). “Twenty-two percent of respondents reporting a breach noted that data was compromised when a laptop, handheld device or computer hard drive was lost or stolen, which is twice the amount (11 percent) reported in 2010.”
The report concluded that the changing technology landscape is complicating security challenges, including:
- Use of EHRs is on the rise, meaning patient data are more mobile and accessible;
- Use of new technologies, in particular mobile devices in the workplace, has skyrocketed, creating new operational efficiencies and security vulnerabilities;
- Particularly with the rise of EHRs, more healthcare providers are entrusting their patient data to third parties, meaning that the scope of patient data security extends far beyond the walls of their own hospitals; and
- New regulatory requirements make achieving compliance even more challenging.