Health Care Providers Reporting Rise in Data Security Breaches

RELATED TOPICS:

Health care organizations have seen an increase in data breaches over the past few years, despite reporting increased confidence in their readiness to handle such breaches, according to a report by HIMSS Analytics and Kroll Advisory Solutions, Healthcare IT News reports (Miliard, Healthcare IT News, 4/10).

HIMSS Analytics is the research arm of the Healthcare Information and Management Systems Society.

The report is based on a survey of 250 health information executives working at hospitals (Kroll Advisory Solutions release, 4/11).

Reported Readiness for Data Breaches

The third biannual report -- titled, "2012 HIMSS Analytics Report: Security of Patient Data" -- found that this year's survey respondents were more confident than previous years' respondents about their readiness to handle a health data breach. The report used a scale of one to seven, with one indicating that they felt "not at all prepared" and seven indicating that they felt "extremely prepared" to handle a breach.

This year, the respondents reported an average readiness score of 6.4, compared with 6.06 in 2010 and 5.88 in 2008. Ninety-six percent of respondents said that their health care organization conducted a formal risk analysis during the last year.

Security Breaches During Past Year

The report found that 27% of respondents said they had experienced a security breach in the last year, compared with 19% in 2010 and 13% in 2008.

Of those who reported experienced a breach in the last year, 69% reported experiencing more than one breach. 

Factors Contributing to Data Breaches

Of the organizations that had experienced a data breach, 79% said the breach was caused by an employee. Of those who experienced a breach in the previous 12 months, 18% said the breach was caused by a third party.

When asked about the factors that are likely to contribute to a health data breach:

  • 45% cited a lack of staff attention;
  • 31% cited the use of mobile devices to store health information; and
  • 28% cited the sharing of health information with third parties.

Recommendations

Lisa Gallagher -- senior director of privacy and security for HIMSS -- said, "Health care organizations need to ensure that their business associates are taking every precaution to safeguard [patient] information ... background checks, employee training and continued monitoring of policies and procedures are steps all covered entities should ensure are taken by their business associates" (Healthcare IT News, 4/10).


to share your thoughts on this article.