Suggested Content
Related Resources
- The Key Findings of the 2012 HIMSS Analytics Report: Security of Patient Data
- EMR and Quality Management: Best Practices
- Enabling Fast and Secure Clinician Workflow with One-Touch Desktop Roaming
- Adopting an Enterprise Imaging Strategy
- Disrupting Hospital Based Care: The Innovation Race to Establish 21st Century Care Models
LOS ALTOS, CA – A new survey on protected health information (PHI) privacy breaches found that 70 percent of the participants had suffered one or more breaches within the last 12 months.
The survey results were announced Wednesday by Veriphyr, a provider of identity and access intelligence solutions. According to the survey, insiders were responsible for the majority of breaches, with 35 percent snooping into medical records of fellow employees and 27 percent accessing records of friends and relatives.
[See also: 12 steps for surviving a privacy breach investigation]The report – Veriphyr’s 2011 Survey of Patient Privacy Breaches – summarizes the findings of a survey of compliance and privacy officers at mid-to-large hospitals and healthcare service providers. Respondents were queried on their perceptions of privacy and compliance initiatives within their organization, adequacy of tools to monitor unauthorized access to PHI, and the number and type of breaches sustained in the past year.
“Given that data breaches of patient information cost healthcare organizations nearly $6 billion annually, we were not very surprised to discover that more than 70 percent of the organizations surveyed were victimized last year,” said Alan Norquist, CEO of Veriphyr. “However, we did not expect the prevalence of insider abuse reported, and that nearly 80 percent of the respondents feel they lack adequate controls to detect PHI breaches in a timely fashion.”
Some of the report’s key findings include:
[See also: Top 6 data security questions you should be asking your BAs]Top breaches in the past 12 months by type:
- Snooping into medical records of fellow employees (35 percent)
- Snooping into records of friends and relatives (27 percent)
- Loss /theft of physical records (25 percent)
- Loss/theft of equipment holding PHI (20 percent)
When a breach occurred, it was detected in:
- One to three days (30 percent)
- One week (12 percent)
- Two to four weeks (17 percent)
Once a breach was detected, it was resolved in:
- One to three days (16 percent)
- One week (18 percent)
- Two to Four weeks (25 percent
Other findings:
- 79 percent of respondents were “somewhat concerned” or “very concerned” that their existing controls do not enable timely detection of breaches of PHI
- 52 percent stated they did not have adequate tools for monitoring inappropriate access to PHI
Click here for the full results of the survey.
[See also: 5 ways a PHI breach is like an epidemic]
