Home » News » ARRA/Stimulus
Receive News By Email

  • del.icio.us
  • Digg
  • StumbleUpon
  • Reddit
  • Facebook
  • Google
  • RSS Icon
  

Survey: Data breach prevention top of mind for IT decision makers

August 17, 2010 | Molly Merrill, Associate Editor

Related Resources

LEXINGTON, MA – Preventing patient data breaches is cited as the number one priority for healthcare IT decision makers, but work remains for complying with security regulations, according to a national survey that examines IT trends in healthcare.

The 2010 Healthcare IT Survey, a poll of 600 decision-makers across hospitals in the U.S. and Canada, was conducted via Zoomerang, an online survey services provider, for Lexington, Mass.-based Imprivata, which develops enterprise authentication and access management solutions.

According to the survey, 80 percent of respondents say securing patient information from unauthorized access and data breaches is a top priority, and 76 percent claim breach of confidential information or unauthorized access to clinical applications as their greatest security concerns – so much so that 97 percent say that HIPAA and HITECH Act regulations are driving their organization's purchasing decisions. Seventy-four percent, meanwhile, say their organization will spend more on security in 2010 than it did in 2009.

Recently, Department of Health and Human Services Secretary Kathleen Sebelius announced tougher personal health information protection, as mandated under the HITECH Act, with a notice of proposed rulemaking designed to strengthen and expand enforcement of HIPAA.

The rule was published in the July 14 issue of the Federal Register, with public comments due by Sept. 13.

While the HITECH Act is a major concern for survey respondents, 38 percent still report they cannot track inappropriate access in accordance with the regulations. And 47 percent are not sure if their organization is subject to state requirements mandating strong authentication for identity verification at the point of electronic prescription drug order placement.

Challenges cited by respondents for complying with the HITECH Act included employee education (46 percent), costly updates (43 percent) and meeting deadlines (37 percent). Nineteen percent of respondents said they themselves do no understand the HITECH Act.

"More than one year after its passage, hospitals continue to be deeply concerned about their ability to meet deadlines imposed on them by the HITECH Act," says Barry P. Chaiken, MD, CMO at Imprivata. "Organizations fear security breaches and unauthorized access to patient records, while trying to manage clinical transformation through the deployment of EMR systems to achieve improved care delivery and cost savings.

According to the survey, passwords remain the most popular form of application access security, with 83 percent of respondents using them. However, 90 percent of respondents reported that passwords and time to access patient data have a negative impact on physician satisfaction.

The results of survey demonstrate that hospitals are struggling to balance the need for greater security with the established workflow of physicians and staff. It is imperative that hospitals secure user access without re-engineering established clinician workflows, say survey officials.

Access the full report here.

Related Topics:

Reader Comments (3)Login to Post a Comment

Mitch W. says: Other regs also important
August 18, 2010 | 5:43PM GMT

HIPAA and HITECH are important laws driving interest in patient privacy. We're seeing healthcare providers leading the way in implementing privacy protection.

Other regulations come into play as well. Healthcare providers that deal with credit cards need to abide by PCI-DSS.

Ashley is correct that companies need to secure devices, but it's also important to monitor and control traffic moving from the private network to the public Internet. That's what we do at Palisade Systems.

Mitch Wagner
http://blog.palisadesystems.com

Ashley_ABT says: Knowing where devices arewith sensitive info is half the battle
August 18, 2010 | 4:14PM GMT

It’s good to hear that data security is such a high priority for IT decision makers in the healthcare field. An extremely common reason that a data breach occurs is actually a lost or stolen laptop or other mobile device. As healthcare IT professionals evaluate how to ensure patient’s data is secure, it’s important to make sure every device in the organization is equipped with the technology that will effectively manage and secure all IT assets. This way they'll know where they are at all times and if a device is in a potential breach situation.

I work at Absolute Software, a company that specializes in software and services that provide an easy way to manage and secure computers and mobile devices. If you need information on how to better protect your company's devices and data, please visit www.absolute.com .

~Ashley, Absolute Software
http://blog.absolute.com

janice33rp says: "Security" Largely Matter of Luck at Most Orgs
August 17, 2010 | 2:39PM GMT

Great article highlighting the need for everyone to have a much higher computer/data security awareness. Check a (free) blog, "The Business-Technology Weave" (can Google to it) - it reflects what this articleis saying. The majority of breaches are due to human error, therefore awareness and common sense are key, in supporting all necessary best practices. The blog author also has a book we use at work, "I.T. WARS" (you can Google that too). It has a great Security chapter, and others that treat security. Highly recommended. Great stuff.