Welcome!

News Feed Item

Electronic Health Data Breaches Remain Primary Concern Despite Increased Use of Security Technologies and Analytics

Results of the 2013 HIMSS Security Survey show that, despite progress toward hardened security and use of analytics, more work must be done to mitigate insider threat, such as the inappropriate access of data by employees. Although federal initiatives such as OCR audits, Meaningful Use and the HIPAA Omnibus Rule continue to encourage healthcare organizations to increase the budgets and resources dedicated to securing patient health data, in the previous twelve months, 19 percent of respondents reported a security breach and 12 percent of organizations have had at least one known case of medical identity theft reported by a patient.

The 2013 HIMSS Security Survey, supported by the Medical Group Management Association and underwritten by Experian® Data Breach Resolution, profiles the data security experiences of 283 information technology (IT) and security professionals employed by U.S. hospitals and physician practices. The data from respondents suggests that the greatest perceived “threat motivator” is that of healthcare workers potentially snooping into the electronic health information of friends, neighbors, spouses or co-workers (i.e., inappropriate data access).

Recognizing inappropriate data access by insiders as an area for which organizations are at risk of a security breach, there has been increased use of several key technologies related to employee access to patient data, including user access control and audit logs of each access to patient health records. On a related note, although more than half of the survey’s respondents (51 percent) have increased their security budgets in the past year, 49 percent of these organizations are still spending 3 percent or less of their overall IT budget on security initiatives that will secure patient data.

“Our collaboration with HIMSS for the sixth annual security survey has provided insight into the current state of security within provider organizations,” said Michael Bruemmer, Vice President for Experian® Data Breach Resolution. “Though progress is noticeable, it is critical that healthcare organizations put in place a comprehensive plan that addresses potential security threats – whether internal or external – to prevent electronic health data breaches and minimize the impact of a breach should one occur.”

Other key findings from the survey include the following:

  • 92 percent of organizations conduct a formal risk analysis.
  • 54 percent of organizations report having a tested data breach response plan; 63 percent of these organizations test their plan annually.
  • 93 percent of organizations indicate their organization is collecting and analyzing data from audit logs.
  • Healthcare organizations are using multiple means of controlling employee access to patient information; 67 percent of survey respondents use at least two mechanisms, such as user-based and role-based controls, for controlling access to data.

The survey also pinpoints shortcomings within the healthcare industry. Barriers to improving an organization’s security posture included budget, dedicated leadership and the following:

  • Organizations reported an average score of 4.35 regarding the maturity of the security environment (where 1 is not at all mature and 7 is highly mature).
  • Nearly half (49 percent) of the survey’s responding organizations are still spending 3 percent or less of their overall IT budget on security initiatives that will secure patient data.
  • 52 percent of the hospital-based respondents reported that they had a CSO, CISO or other full-time leader in charge of security of patient data.

“Healthcare organizations are increasingly deploying technologies to increase data security, but continued analysis is crucial in ensuring the proactive prevention of data breaches within hospitals and physician practices. Without these anticipatory measures, security of patient data will remain a core challenge within our nation’s healthcare organizations,” said Lisa A. Gallagher, BSEE, CISM, CPHIMS, FHIMSS Vice President, Technology Solutions, HIMSS.

For more information on the survey results and on innovation:

About HIMSS

HIMSS is a global, cause-based, not-for-profit organization focused on better health through information technology (IT). HIMSS leads efforts to optimize health engagements and care outcomes using information technology.

HIMSS is a cause-based, global enterprise producing health IT thought leadership, education, events, market research and media services around the world. Founded in 1961, HIMSS encompasses more than 52,000 individuals, of which more than two-thirds work in healthcare provider, governmental and not-for-profit organizations across the globe, plus over 600 corporations and 250 not-for-profit partner organizations, that share this cause. HIMSS, headquartered in Chicago, serves the global health IT community with additional offices in the United States, Europe, and Asia.

About Experian® Data Breach Resolution

Experian® Data Breach Resolution, powered by the nation’s largest credit bureau, is a leader in helping businesses plan for and mitigate consumer risk following data breach incidents. With more than a decade of experience, Experian® Data Breach Resolution has successfully serviced some of the largest and highest-profile breaches in history. The group offers swift and effective incident management, notification, call center support and reporting services while serving millions of affected consumers with proven credit and identity protection products. In 2013, Experian® Data Breach Resolution received the Customer Service Team of the Year award from the American Business Awards. Experian® Data Breach Resolution is active with the International Association of Privacy Professionals, the Health Care Compliance Association, the American Health Lawyers Association, the Ponemon Institute RIM Council and InfraGard and is a founding member of the Medical Identity Fraud Alliance. For more information, visit www.experian.com/databreach and follow us on Twitter @Experian_DBR.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busine...
Organizations do not need a Big Data strategy; they need a business strategy that incorporates Big Data. Most organizations lack a road map for using Big Data to optimize key business processes, deliver a differentiated customer experience, or uncover new business opportunities. They do not understand what’s possible with respect to integrating Big Data into the business model.
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, will discuss how they b...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous a...
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
Data scientists must access high-performance computing resources across a wide-area network. To achieve cloud-based HPC visualization, researchers must transfer datasets and visualization results efficiently. HPC clusters now compute GPU-accelerated visualization in the cloud cluster. To efficiently display results remotely, a high-performance, low-latency protocol transfers the display from the cluster to a remote desktop. Further, tools to easily mount remote datasets and efficiently transfer...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, will provide a fun and simple way to introduce Machine Leaning to anyone and everyone. Together we will solve a machine learning problem and find an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intellige...
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
SYS-CON Events announced today that TidalScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale is the leading provider of Software-Defined Servers that bring flexibility to modern data centers by right-sizing servers on the fly to fit any data set or workload. TidalScale’s award-winning inverse hypervisor technology combines multiple commodity servers (including their ass...
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...
Amazon is pursuing new markets and disrupting industries at an incredible pace. Almost every industry seems to be in its crosshairs. Companies and industries that once thought they were safe are now worried about being “Amazoned.”. The new watch word should be “Be afraid. Be very afraid.” In his session 21st Cloud Expo, Chris Kocher, a co-founder of Grey Heron, will address questions such as: What new areas is Amazon disrupting? How are they doing this? Where are they likely to go? What are th...