Report says healthcare industry continues to overlook critical gaps in data security
- Despite new regulatory activity, including the implementation of the Red Flags Rule and the HITECH Act, and increased compliance among healthcare providers, the reporting of healthcare breaches is on the rise.
- The majority of survey participants indicated that they were compliant with existing laws and regulations.
- Average responses were above 6.0 (on a scale of 1-7, with 7 being the highest level of compliance) for almost all laws and regulations, including CMS Regulations, HIPAA, State Security Laws and the Red Flags Rule. Only HITECH scored lower (5.75), most likely because HITECH was still not fully implemented at the time of the survey.
- The number of healthcare organizations that reported a breach increased by six percentage points in 2010 to 19 percent of total respondents, up from 13 percent in 2008.
- When asked to rate their level of "preparedness" for a future security breach, respondents from organizations having experienced a breach cited a preparedness level of 6.06 (on a scale of 1-7, with 7 being most prepared).
- Healthcare organizations continue to underestimate the high costs of a data breach, despite the fact that penalties for HITECH violations can reach as high as $1.5 million.
- 87 percent of respondents indicated that they have policies in place to monitor access and sharing of electronic health information, yet research shows that 84 percent of healthcare breaches since 2003 were due to "low tech" incidents such as lost or stolen laptops, improper disposal of documents and stolen backup tapes.
- 60 percent of respondents said they required third-party vendors to provide proof of employee training, and only half indicated that they required third-party vendors to provide proof of employee background checks. As organizations prepare for the broader sharing of electronic health records across massive networks of providers, payors, and state and federal repository systems, third-party involvement is only expected to increase in the coming years.