3rd Annual Benchmark Study on Patient Privacy & Healthcare Data Security

December 8, 2012
2 Views

The Third Annual Benchmark Study on Patient Privacy & Data Securityby Ponemon Institute and ID Experts, has been released and reports that healthcare organizations face a huge challenge in stopping data breaches. 

The Third Annual Benchmark Study on Patient Privacy & Data Securityby Ponemon Institute and ID Experts, has been released and reports that healthcare organizations face a huge challenge in stopping data breaches. 

  • 94% of healthcare organizations surveyed suffered at least one data breach
  • 45% of organizations experienced more than five data breaches during the past two years
  • Astonishingly,  69% off organizations still have not secure medical devices—such as mammogram imaging and insulin pumps (IT and Biomed have to talk!)
  • The cost to the industry could average $7 billion annually. 

Most organizations surveyed say they have insufficient resources to prevent and detect data breaches, but consider the alternatives.  Patients are at increased risk for medical identity theft and their PHI and privacy could be violated as mobile and cloud technology becomes pervasive.

Change is needed and recommendations include:

  1. Operationalize pre-breach and post-breach processes, including incident assessment and incident response processes
  2. Restructure the information security function to report directly to the board to symbolize commitment to data privacy and security
  3. Conduct combined privacy and security compliance assessments annually
  4. Update policies and procedures to include mobile devices and cloud
  5. Ensure the Incident Response Plan (IRP) covers business associates, partners, cyber insurance

If you like visuals, check out the infographic.  If you are into details, read the entire report and consider:

  • Information breached is largely medical files and billing and insurance records. According to the research, 54% of organizations have little or no confidence that they can detect all patient data loss or theft. Based on the experience of the 80 healthcare organizations participating in this research, the resulting cost to the U.S. healthcare industry could be $6.87 billion, up from 2011. The average impact of a data breach is $1.2 million per organization.
  • The causes of data breach cited were loss of equipment (46%), employee errors (42%), third-party snafu (42%), criminal attack (33 %), and technology glitches (31%). Cases of medical identity theft occurred at 52% of the organizations, and it lead to inaccuracies in the patient’s medical record (39%) and/or affected the patient’s medical treatment (26%).
  • Mobile devices in the workplace pose threats to patients’ PHI.  Employees are permitted to use their own mobile devices—commonly called Bring Your Own Device (BYOD)—often to access organization data (81%), yet organizations are not confident that these personally owned mobile devices are secure (54%). Hospitals surveyed are using cloud-based services (91%) to store patient records, patient billing information, and financial information, but 47% percent lack confidence in the data security of the cloud.
  • This past year, 36% of healthcare organizations made improvements in their privacy and security programs, in response to the threat of audits conducted by the U.S. Department of Health and Human Services Office for Civil Rights. While 48% of organizations are now conducing security risk assessments, only 16% are conducting privacy risk assessments. Organizations still have insufficient resources to prevent and detect data breaches (73%) and/or don’t have controls to prevent and/or quickly detect medical identity theft (67%).

Now that I have an headache, I think I’ll stop here.

You may be interested

3 Surprising Facts About the American Healthcare System
Uncategorized
0 shares73 views
Uncategorized
0 shares73 views

3 Surprising Facts About the American Healthcare System

Ryan Kh - May 24, 2017

The status of American healthcare has been in the news frequently over the past several months due to the new…

SEO vs Paid Search vs Social Media – Which is Better for Healthcare Marketing
eHealth
0 shares182 views
eHealth
0 shares182 views

SEO vs Paid Search vs Social Media – Which is Better for Healthcare Marketing

Rehan Ijaz - May 23, 2017

Digital media has transformed marketing practices in just about every industry. Healthcare marketing has surprisingly been affected by the digital…

New Protein Could Aid in Therapy for Mesothelioma
Medical Innovations
0 shares1098 views
Medical Innovations
0 shares1098 views

New Protein Could Aid in Therapy for Mesothelioma

jennacyprus - May 22, 2017

In the world of oncology, there’s a common consensus that cancer rarely has a single cause. Instead, the majority of…