Survey: Personal health information less secure in 2010

By Molly Merrill
04:05 PM

Forty-seven percent of IT security professionals believe their personal healthcare information is less secure than it was a year ago, according to a recent survey.

The online survey, by San Francisco-based nCircle, a provider of automated IT security and compliance auditing solutions, polled 257 security professionals between Feb. 4 and March 12, 2010.

IT professionals ranked insider threats as the most serious security issue facing healthcare organizations. Alex Quilter, healthcare security strategist with nCircle, said he was surprised by this finding, but suggested that it could be the result of putting patient care before patient privacy.

Learn on-demand, earn credit, find products and solutions. Get Started >>

"This prioritization is correct but should not come at the expense of patient privacy," Quilter said. "This is compounded by the large network of business partners that require access to patient data as part of the healthcare supply chain. As the push for electronic health records intensifies security professionals and many consumers feel that their personal health information is less secure than ever."

Quilter noted that the complex network of healthcare organizations' business partners – such as EHR vendors, insurers, and others – requires access to patient data by multiple participants in the healthcare supply chain. He recommends that healthcare organizations establish security policies for those business partners that access patient data and audit those partners regularly.

The survey also found that 26 percent of respondents felt there was no change in the security of their personal health information in the last 12 months. Twenty-seven percent said they thought it was more secure than a year ago.

Industries included in the study were technology, electronics, and software and services (17 percent) federal government, financial services, healthcare (6.8 percent) and education, among others. One-third of those surveyed have a security role in their organizations, while IT operations comprise almost a quarter of the total respondents. Over half of the respondents stated their organizations staff more than 2,000 employees.