Home » News » Electronic Health Records | Privacy and Security
Receive News By Email

  • del.icio.us
  • Digg
  • StumbleUpon
  • Reddit
  • Facebook
  • Google
  • RSS Icon
  

Survey: Personal health information less secure in 2010

May 10, 2010 | Molly Merrill, Associate Editor

SAN FRANCISCO – Forty-seven percent of IT security professionals believe their personal healthcare information is less secure than it was a year ago, according to a recent survey.

The online survey, by San Francisco-based nCircle, a provider of automated IT security and compliance auditing solutions, polled 257 security professionals between Feb. 4 and March 12, 2010.

IT professionals ranked insider threats as the most serious security issue facing healthcare organizations. Alex Quilter, healthcare security strategist with nCircle, said he was surprised by this finding, but suggested that it could be the result of putting patient care before patient privacy.

"This prioritization is correct but should not come at the expense of patient privacy," Quilter said. "This is compounded by the large network of business partners that require access to patient data as part of the healthcare supply chain. As the push for electronic health records intensifies security professionals and many consumers feel that their personal health information is less secure than ever."

Quilter noted that the complex network of healthcare organizations' business partners – such as EHR vendors, insurers, and others – requires access to patient data by multiple participants in the healthcare supply chain. He recommends that healthcare organizations establish security policies for those business partners that access patient data and audit those partners regularly.

The survey also found that 26 percent of respondents felt there was no change in the security of their personal health information in the last 12 months. Twenty-seven percent said they thought it was more secure than a year ago.

Industries included in the study were technology, electronics, and software and services (17 percent) federal government, financial services, healthcare (6.8 percent) and education, among others. One-third of those surveyed have a security role in their organizations, while IT operations comprise almost a quarter of the total respondents. Over half of the respondents stated their organizations staff more than 2,000 employees.

Related Topics:

Reader Comments (1)Login to Post a Comment

mneece says: Security and Privacy in the Health Care Continuum
May 11, 2010 | 11:56AM GMT

The security and patient privacy threats experienced by health care firms is nearly identical to other industries where the biggest threat comes from within. Security is about encryption while privacy is about redaction of patient medical records.

When viewed through a data-centric lens, the challenge of privacy regulation compliance is unworkable. Seen through a process-centric perspective the security and privacy challenges have straight-forward solutions.

Mr. Quilter's recommendation for solving these challenges with internal security polices and frequent auditing is misleading. Policies and periodic auditing will do little to solve privacy and security issues in a scalable manner.

Thanks for this revealing article.
Michael Neece, FlowLogic.com