Health care organizations have seen an increase in data breaches over the past few years, despite reporting increased confidence in their readiness to handle such breaches, according to a report by HIMSS Analytics and Kroll Advisory Solutions, Healthcare IT News reports (Miliard, Healthcare IT News, 4/10).
HIMSS Analytics is the research arm of the Healthcare Information and Management Systems Society.
The report is based on a survey of 250 health information executives working at hospitals (Kroll Advisory Solutions release, 4/11).
Reported Readiness for Data Breaches
The third biannual report -- titled, "2012 HIMSS Analytics Report: Security of Patient Data" -- found that this year's survey respondents were more confident than previous years' respondents about their readiness to handle a health data breach. The report used a scale of one to seven, with one indicating that they felt "not at all prepared" and seven indicating that they felt "extremely prepared" to handle a breach.
This year, the respondents reported an average readiness score of 6.4, compared with 6.06 in 2010 and 5.88 in 2008. Ninety-six percent of respondents said that their health care organization conducted a formal risk analysis during the last year.
Security Breaches During Past Year
The report found that 27% of respondents said they had experienced a security breach in the last year, compared with 19% in 2010 and 13% in 2008.
Of those who reported a breach in the last year, 69% reported experiencing more than one breach.
Factors Contributing to Data Breaches
Of the organizations that had experienced a data breach, 79% said the breach was caused by an employee. Of those who experienced a breach in the previous 12 months, 18% said the breach was caused by a third party.
When asked about the factors that are likely to contribute to a health data breach:
- 45% cited a lack of staff attention;
- 31% cited the use of mobile devices to store health information; and
- 28% cited the sharing of health information with third parties.
Lisa Gallagher -- senior director of privacy and security for HIMSS -- said, "Health care organizations need to ensure that their business associates are taking every precaution to safeguard [patient] information ... background checks, employee training and continued monitoring of policies and procedures are steps all covered entities should ensure are taken by their business associates" (Healthcare IT News, 4/10).