New Survey: HIPAA Focus Doesn’t Equal Better Security

The Kroll Advisory Solutions, 2012 HIMSS Analytics Report: Security of Patient Data has been released and the findings point to a frightening fact — greater compliance hasn’t resulted in better data security. Nearly 16 years after the enactment of the Health Insurance Portability and Accountability Act (HIPAA), the HIMSS Analytics report shows an increase in health care related data security breaches over the past six years.

The report is the third installment of Kroll's bi-annual survey of U.S. healthcare providers. The survey asked 250 professionals in the industry to participate in the study. Those healthcare professionals represented the gamut of individuals involved in healthcare data security. Respondents included compliance officers, senior IT executives, health information management directors, privacy officers and chief security officers.

The 2012 report found that those surveyed rated their preparedness for confronting data security risks at 6.40 (on a scale of 1 to 7). This was up from 6.06 in 2010 and 5.88 in 2008. A healthy 96% responded that they had conducted a “formal risk analysis in the past 12 months.” However, these numbers were in stark contrast to the increasing number of respondents who reported experiencing a security breach in the past 12 months: 27% reported a breach in the 2012 survey, up from 19% in 2010 and 13% in 2008. Even more shocking, 69% of those reporting a breach had experienced more than one breach!

“When it comes to long-term prevention of data security incidents, it appears that the healthcare industry is not taking its own medicine,” said Brian Lapidus, Senior Vice President for Kroll Advisory Solutions. “There’s no question that HIPAA, HITECH and Red Flags have raised the base standard for protecting patient data, but combating the industry’s biggest security threats requires the essential combination of compliance and sound security measures. It’s like nutrition and exercise as the dynamic duo of weight loss. The magic happens when the two overlap.”

From the survey, it is clear that human error is the greatest threat to data security, and the mobility of the data is the next biggest threat. In 2012, 79% of respondents reported that an employee caused a security breach, and 31% of the survey’s respondents indicated that data available on a mobile device was a factor in data breaches.

“With the understanding that everyone from cafeteria workers to surgeons will come into contact with patient data and that they will do so in even more ways – from work computers, through paper records, via mobile devices and more – it becomes clear that evolving threats will always outpace even the most thorough regulatory requirements,” said Lapidus. “For that reason, organizations will need to constantly assess their security risk levels and evolve their policies and procedures to ensure that they are in the best possible position to protect their patients and their bottom lines.”

The top medical centers in the United States use LOK-IT in myriad ways, including transfer of medical records and patient data from ultrasound equipment, within the training department, and by the IT staff. Medical device manufacturers also trust LOK-IT, whose flexibility provides easy access to data on CT scanners, imaging equipment and cardiac monitors.
