Survey finds lax health care privacy in United States

Share this article:
More than half of American hospitals fail to take appropriate steps to protect the privacy of patients, according to a new survey of health care IT security professionals.

Released Tuesday by the Ponemon Institute, the survey, titled “Electronic Health Information at Risk: A Study of IT Practitioners,” found that 80 percent of responding health care organizations had experienced at least one incident of lost or stolen electronic health information in the past year.

“With all the information being migrated to electronic health records, is there attention being paid to the security of that information, or is security an afterthought?” asked Mike Spinney, senior privacy analyst with Ponemon Institute, in an interview with SCMagazineUS.com Tuesday. “This survey shows that security is not being given the attention that it needs.”

Among the IT professionals surveyed, 70 percent said senior management does not view privacy and data security as a priority..

"The majority of IT practitioners in our study don`t believe that their organizations have adequate resources to protect patients` sensitive or confidential information," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "The lack of resources and support from senior management is putting electronic health information at risk."

The study, sponsored by log management provider LogLogic, surveyed 542 senior IT practitioners from health care organizations. with an average of more than 1,000 employees, about how secure they believe electronic patient medical records are.

"Hospital security professionals today have a unique opportunity to be patient privacy heroes," said Guy Churchward, CEO of LogLogic, in a statement. "Health care reform is a national priority, but we must ensure that patient data is protected."

The report concluded that though new rules and regulations mandate protection of electronic health information, IT practitioners' responses suggest they are skeptical whether requirements will affect the security of electronic patient data.

The stakes are high, said Spinney. The average cost of a data breach, per patient record, exceeds $210.

“Medical identity fraud is on the rise, probably worse than we know, because nobody really thought that there was a market for this kind of information,” Spinney said. “But thieves are stealing identities to obtain medical treatment or defraud insurance companies and government health care agencies.”


Share this article:

Sign up to our newsletters

More in News

Phishing campaign targeting users of Bitcoin wallet Blockchain.info

More than 12,000 messages have been sent to more than 400 companies as part of a phishing campaign targeting users of Bitcoin wallet Blockchain.info.

AOL announces that it does not follow 'Do Not Track' requests

Eight months after the enactment of a new California privacy law, AOL clarified that it does not respond to web browsers' "Do Not Track" requests.

Experts discover history of malware infections on network of Community Health Systems

Following a major breach at the hospital provider, security experts analyzed its network and discovered malware infections dating back to January.