Data Security Makes Up Small Portion of Health Organization IT Budgets

TOPIC ALERT:

More than half of respondents to the Healthcare Information and Management Systems Society's 2011 HIMSS Security Survey said their health care organization spends 3% or less of its IT budget on information security, Government Health IT reports (Sullivan, Government Health IT, 11/3).

The Web-based survey included responses from 329 IT and security professionals employed by hospitals and outpatient care centers (HIMSS Security Survey, November 2011).

IT Budget-Related Findings

The survey found that:

  • 53% of respondents said their organization spends less than 3% of its IT budget on information security;
  • 16% said their organization spends between 4% and 6% of its IT budget on information security; and
  • 3% said their organization spends between 7% and 12% of its IT budget on information security (Government Health IT, 11/3);
  • 4% said their organization spends more than 12% of its IT budget on information security; and
  • 23% said they did not know how much their organization spends on IT security (HIMSS Security Survey, November 2011).

Additional Findings

Nearly all respondents said their organization monitors how employees access electronic patient data and most respondents said their organization validates identity during patient encounters. However, nearly one-quarter of respondents said their organization does not conduct security risk assessments.

The survey also found that:

  • 82% of respondents said their organization shares electronic patient data with external organizations;
  • About two-thirds of respondents said their organization provides electronic medical information to patients, surrogates and designated others;
  • About half of respondents said their organization has a chief security officer, chief information security officer or another full-time staff member to handle data security responsibilities (Monegain, Healthcare IT News, 11/3);
  • 43% said federal initiatives related to the 2009 economic stimulus package, HIPAA 5010 and ICD-10 have contributed to increased spending on information security (Government Health IT, 11/3);
  • About one-quarter of respondents plan to purchase security technologies; and
  • 14% said that at least one patient had reported a case of medical identity theft during the last year (Healthcare IT News, 11/3).

to share your thoughts on this article.