Survey finds lax health care privacy in United States

Share this article:
More than half of American hospitals fail to take appropriate steps to protect the privacy of patients, according to a new survey of health care IT security professionals.

Released Tuesday by the Ponemon Institute, the survey, titled “Electronic Health Information at Risk: A Study of IT Practitioners,” found that 80 percent of responding health care organizations had experienced at least one incident of lost or stolen electronic health information in the past year.

“With all the information being migrated to electronic health records, is there attention being paid to the security of that information, or is security an afterthought?” asked Mike Spinney, senior privacy analyst with Ponemon Institute, in an interview with SCMagazineUS.com Tuesday. “This survey shows that security is not being given the attention that it needs.”

Among the IT professionals surveyed, 70 percent said senior management does not view privacy and data security as a priority..

"The majority of IT practitioners in our study don`t believe that their organizations have adequate resources to protect patients` sensitive or confidential information," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "The lack of resources and support from senior management is putting electronic health information at risk."

The study, sponsored by log management provider LogLogic, surveyed 542 senior IT practitioners from health care organizations. with an average of more than 1,000 employees, about how secure they believe electronic patient medical records are.

"Hospital security professionals today have a unique opportunity to be patient privacy heroes," said Guy Churchward, CEO of LogLogic, in a statement. "Health care reform is a national priority, but we must ensure that patient data is protected."

The report concluded that though new rules and regulations mandate protection of electronic health information, IT practitioners' responses suggest they are skeptical whether requirements will affect the security of electronic patient data.

The stakes are high, said Spinney. The average cost of a data breach, per patient record, exceeds $210.

“Medical identity fraud is on the rise, probably worse than we know, because nobody really thought that there was a market for this kind of information,” Spinney said. “But thieves are stealing identities to obtain medical treatment or defraud insurance companies and government health care agencies.”


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.