Survey finds lax health care privacy in United States

More than half of American hospitals fail to take appropriate steps to protect the privacy of patients, according to a new survey of health care IT security professionals.

Released Tuesday by the Ponemon Institute, the survey, titled “Electronic Health Information at Risk: A Study of IT Practitioners,” found that 80 percent of responding health care organizations had experienced at least one incident of lost or stolen electronic health information in the past year.

“With all the information being migrated to electronic health records, is there attention being paid to the security of that information, or is security an afterthought?” asked Mike Spinney, senior privacy analyst with Ponemon Institute, in an interview with SCMagazineUS.com Tuesday. “This survey shows that security is not being given the attention that it needs.”

Among the IT professionals surveyed, 70 percent said senior management does not view privacy and data security as a priority.

"The majority of IT practitioners in our study don't believe that their organizations have adequate resources to protect patients' sensitive or confidential information," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "The lack of resources and support from senior management is putting electronic health information at risk."

The study, sponsored by log management provider LogLogic, surveyed 542 senior IT practitioners from health care organizations, with an average of more than 1,000 employees, about how secure they believe electronic patient medical records are.

"Hospital security professionals today have a unique opportunity to be patient privacy heroes," said Guy Churchward, CEO of LogLogic, in a statement. "Health care reform is a national priority, but we must ensure that patient data is protected."

The report concluded that though new rules and regulations mandate protection of electronic health information, IT practitioners' responses suggest they are skeptical whether requirements will affect the security of electronic patient data.

The stakes are high, said Spinney. The average cost of a data breach, per patient record, exceeds $210.

“Medical identity fraud is on the rise, probably worse than we know, because nobody really thought that there was a market for this kind of information,” Spinney said. “But thieves are stealing identities to obtain medical treatment or defraud insurance companies and government health care agencies.”

