
Survey finds lax health care privacy in United States

More than half of American hospitals fail to take appropriate steps to protect the privacy of patients, according to a new survey of health care IT security professionals.

Released Tuesday by the Ponemon Institute, the survey, titled “Electronic Health Information at Risk: A Study of IT Practitioners,” found that 80 percent of responding health care organizations had experienced at least one incident of lost or stolen electronic health information in the past year.

“With all the information being migrated to electronic health records, is there attention being paid to the security of that information, or is security an afterthought?” asked Mike Spinney, senior privacy analyst with Ponemon Institute, in an interview with Tuesday. “This survey shows that security is not being given the attention that it needs.”

Among the IT professionals surveyed, 70 percent said senior management does not view privacy and data security as a priority.

"The majority of IT practitioners in our study don't believe that their organizations have adequate resources to protect patients' sensitive or confidential information," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "The lack of resources and support from senior management is putting electronic health information at risk."

The study, sponsored by log management provider LogLogic, surveyed 542 senior IT practitioners from health care organizations, with an average of more than 1,000 employees, about how secure they believe electronic patient medical records are.

"Hospital security professionals today have a unique opportunity to be patient privacy heroes," said Guy Churchward, CEO of LogLogic, in a statement. "Health care reform is a national priority, but we must ensure that patient data is protected."

The report concluded that though new rules and regulations mandate protection of electronic health information, IT practitioners' responses suggest they are skeptical whether requirements will affect the security of electronic patient data.

The stakes are high, said Spinney. The average cost of a data breach, per patient record, exceeds $210.

“Medical identity fraud is on the rise, probably worse than we know, because nobody really thought that there was a market for this kind of information,” Spinney said. “But thieves are stealing identities to obtain medical treatment or defraud insurance companies and government health care agencies.”
