Health Organizations Lagging in Ensuring Data Privacy, Security

Many health care organizations lack sufficient resources to adopt strong privacy and security protections for patient data, according to a report by a coalition of health care and data security groups, Modern Healthcare reports (Conn, Modern Healthcare, 3/5).

About the Report

The coalition includes the:

  • American National Standards Institute;
  • Internet Security Alliance; and
  • Santa Fe Group (Goedert, Health Data Management, 3/5).

For the report, researchers surveyed more than 100 health care industry executives from more than 70 organizations about how their organizations handle protected health information, also called PHI (ANSI release, 3/5).

Report Findings

Researchers found that:

  • 76% of survey respondents said their organization has taken "effective steps" to protect PHI; and
  • 75% said they agree or strongly agree with the statement, "We have effective policies to protect PHI."

However, the survey also found that:

  • 32% of respondents said they disagreed or strongly disagreed with the statement, "We possess sufficient resources to ensure that [PHI privacy and security] requirements are currently being met;" and
  • 28% of respondents said they disagreed or strongly disagreed with the statement, "Management views privacy and security as a priority."

When asked to name the most significant challenges preventing their organizations from ensuring the privacy and security of PHI:

  • 59% of respondents cited a lack of funding (Modern Healthcare, 3/5);
  • 40% cited a lack of time; and
  • 32% cited insufficient executive support (Strohm, Bloomberg, 3/5).

Method for Evaluating Data Security Risks

The report also describes a five-step method for evaluating health data security risks.

The method, called the PHI Value Estimator, or PHIve, aims to help organizations:

  • Estimate the potential costs of a data breach; and
  • Determine the amount of investment necessary to strengthen privacy and security protections and reduce the likelihood of a data breach (Monegain, Healthcare IT News, 3/5).
