Healthcare Groups Increase Privacy & Security Budgets But Still Fall Short

Posted on December 18, 2012 by Frank J. Rosello

The majority of healthcare organizations across the U.S. have increased their privacy and security budgets according to a new HIMSS survey released Wednesday. Officials say, however, many of the groups’ allocated budgets still fall short.

Findings of the 2012 Security Survey also highlight that healthcare groups are hiring more security staff and conducting risk analysis on an annual basis.  Survey findings were announced at the Healthcare IT News/HIMSS Media Privacy & Security Forum in Boston.

Although both hospitals and medical practices across the country have continued to increase their privacy and security budgets over the past five years, officials say the percentage of the budget dedicated to these issues is still cause for concern. “Over the last five years, we see a significant portion of the organizations say that their privacy and security funding is between 1 and 3 percent of their budget,” says Lisa Gallagher, senior director of privacy and security for HIMSS. “That’s still a pretty concerning number.

One of the biggest disconnect for providers surrounding privacy and security is not always the technology implementation, but rather involves the lack of policy procedures in place. Policy is as important as putting the programs in place. Many healthcare organizations now perform mock data breaches for unknowing staff, who are required to make the calls and follow specific data breach procedures.

According to data from the Department of Health and Human Services (HHS), some 21 million patient records have been compromised in healthcare data breaches since 2009. What’s even more concerning, Gallagher adds, is that “data breaches involving 499 or fewer are not counted in the HHS final count.” She estimated that somewhere between 40-45 million patient records might have been compromised. The number can’t be confirmed, as the data isn’t all there, she adds, but it’s a more accurate number based on healthcare organizations’ reporting.

Other survey findings include:

• Some 90 percent of hospitals conduct regular risk analysis compared with the 65 percent of medical practices that do so.
• Nearly half (43 percent) of survey respondents test their data breach response plans, with 81 percent saying they test their plans annually.
• Some 64 percent of respondents test their IT security plan, with 78 percent testing them annually.
• Data and security tools are widely used among hospitals and medical practices, with more than 97 percent having firewall tools and some 92 percent having user access controls. Disaster recovery, offsite storage, wireless security protocols, electronic signatures security tools were also used by more than 71 percent of respondents overall.
• Certain tools had lower adoption rates, however, specifically among medical practices. Intrusion prevention and detection, for example, had adoption rates of only 36 percent – this in comparison to the more than 71 percent of hospitals that currently use these tools.

Article written by Erin McCann, Associate Editor for Healthcare IT News

• Recent News

  • Texas Launches Certification Program To Bolster HIPAA Compliance
  • Internet Explorer Vulnerability: Steps To Take
  • Five Misconceptions About Cloud Computing
  • ONC Chief’s Perspectives On Patient Privacy and Security
  • ONC Chief DeSalvo Charts New Course

• Press Release Archives

• EI Connections Newsletter Archive

  
  

  Sign up for the
  EI Connections Newsletter

  * Email

  
  

• Categories

  • ACA
  • ACO Rule
  • ACOs
  • Cloud Computing
  • CMS
  • CMS eRx Rules
  • CMS Final Rule
  • CMS Proposed Rule
  • e-Health
  • EHR Adoption
  • EHR Data Sharing
  • EHR Implementation
  • EHR Incentives
  • EHR Information Security
  • EHR Meaningful Use
  • Electronic Health Records
  • Electronic Medical Records
  • EMR
  • Environmental Intelligence
  • Health Information Exchange
  • Health IT
  • Health IT Best Practices
  • Health IT Data Security
  • Health It Interoperability
  • Health IT Policy
  • Health IT Services
  • Healthcare
  • Healthcare Information Security
  • Healthcare Leasing
  • HHS
  • HHS Final Rule
  • HHS Initiatives
  • HIE
  • HIPAA 5010
  • HIPAA Complicance
  • HIPAA Omnibus Rule
  • HIPAA Privacy and Security Rule
  • ICD-10
  • Meaningful Use
  • medical practice best practices
  • mHealth
  • ONC
  • Patient Privacy
  • Personal Health Record
  • PHI Data Security
  • Press Releases
  • Radiology Systems
  • Telehealth
  • Telemedicine

• Tag Cloud

  CMS CMS EHR Incentives CMS Policy EHR EHR Adoption EHR Best Practices EHR Cloud Hosting EHR Consulting EHR Hosting EHR Implementation EHR Incentives EHR Study EHR Technology Enhancements EI Connections Newsletter Electronic Health Records Electronic Medical Records EMR Environmental Intelligence Healthcare Health Information Exchange Health IT Health IT Best Practices Health IT Information Security Health IT Policy Health IT Services Health IT Standards Health IT Tips HHS HIE HIE Standards HIPAA Compliance HIPAA Privacy and Security Rules HIT ICD-10 Meaningful Use medical practice best practices OCR ONC Patient Experience PHI PHI Data Breaches PHI Data Security PHI Security Stage 2 Meaningful Use Rule Stage 3 Meaningful Use