Results from the final report of the 2013 Healthcare Information and Management Systems Society (HIMSS) Security Survey suggest that physician practices and health care organizations such as hospitals view their own staff members as the greatest source of patient information and confidentiality security breaches.
Results from the final report of the 2013 Healthcare Information and Management Systems Society (HIMSS) Security Survey suggest that physician practices and health care organizations such as hospitals view their own staff members as the greatest source of patient information and confidentiality security breaches. In fact, 80% of respondents noted that they were concerned that human-related factors would put data at risk.
In the survey, respondents were most likely to identify human-related factors such as individuals circumventing controls or disclosing information in error as the greatest area of concern. Respondents were least likely to identify loss of information integrity, such as database corruption, as a concern. The respondents used a scale from one to seven, where one was not perceived as a threat and seven represented an area that was of high threat concern.
A security breach from an insider remains a major challenge, according to the 283 information technology and information security professionals who responded to the survey. The survey was supported by Medical Management Association and sponsored by the Experian Data Breach Resolution.
To prevent staff’s prying eyes, hospitals and practices are adding technology to existing IT systems to prevent snooping into electronic records. These include user access controls and audit logs of each user’s access to patient health records.
Additionally, two-thirds of respondents reported that they use at least two access control mechanisms, such as user-based and role-based access controls, for controlling employee access to data. Furthermore, the number of respondents indicating their organization is collecting and analyzing data from audits logs is also increasing. For instance, the number of respondents that report their organization analyzes data from their firewalls, applications, and servers has all increased in the past year.
Lastly, health care organizations are more frequently auditing their IT security plan to ensure they are ready in the event that a breach — internal or external — takes place.
Other key survey results include:
2013 HIMSS Security Survey. Final Report. February 19, 2014.