Delicious
Digg
StumbleUpon
Reddit
Newsvine
Furl
Facebook
Google
YahooSuggested Content
- Vendor Notebook - Philips, Hansen Medical join forces on arrhythmia treatment
- Vendor Notebook - Eclipsys Sunrise goes live at Singapore General Hospital
- El Camino Hospital opens new hi-tech facility
- El Camino expands robotic surgery program
- Vendor Notebook - API Healthcare announces new contracts for human capital management
- Vendor Notebook - GE Healthcare launches business unit for health information exchange
- El Camino Hospital puts the focus on Web performance
- Vendor Notebook - Siemens Healthcare to provide Penn with integrated service management
- Vendor Notebook: 7 Medical Systems, Inc., deploys PACS at University of Minnesota Boynton Health Services
- Vendor Notebook - Fujitsu PalmSecure leveraged for time and attendance
CHICAGO – Healthcare organizations aren't prepared to meet privacy and security standards associated with the American Recovery and Reinvestment Act, according to a new survey.
The survey of 196 healthcare information technology and security professionals, conducted by the Healthcare Information and Management Systems Society and sponsored by Symantec Corp., a Mountain View, Calif.-based developer of security, storage and systems management solutions, indicated healthcare organizations aren't using available security technologies to keep patient data safe. Reasons given include stretched budgets and lack of a chief security officer (CSO) or chief information security officer (CISO).
Approximately 60 percent of respondents said their organization spends 3 percent or less of their organization's IT budget on information security. This is consistent to the level of spending identified in the 2008 HIMSS study. And fewer than half of the respondents said their organization has a formally designated CISO or CSO.
"Although awareness about these issues is high, many providers have not yet made significant moves to the address these concerns," said David Finn, Symantec's health IT officer.
For example, respondents said they're using firewalls and user access controls but aren't implementing all available technologies to secure data. Only 67 percent use encryption to secure data in transmission, and fewer than half encrypt stored data.
Three-quarters of the organizations that conducted risk assessments found patient data at risk due to inadequate security controls, policies and processes, but only half said their organization had a plan in place for responding to threats or incidents related to a security breach.
"Healthcare organizations must approach all IT activities, including data security, with effective management and efficient use of their budgets, staff and technologies," said Lisa Gallagher, HIMSS' senior director of privacy and security. "IT and security professionals must recognize the need for securing patient data by using available technologies and preparing for compliance with current ARRA laws and future regulations. This complex operating environment, as well as our national goals for health IT, demands such action to ensure quality, safety and improved healthcare delivery."
