Survey: Orgs. Doing More Health Data Risk Analysis, Still Lack Breach Response Plan

Dec. 13, 2012
According to a new survey from the Healthcare Information and Management Systems Society (HIMSS), even as more healthcare organizations conduct annual security risk analyses to protect patient data, most are still without a data breach response plan. Thanks to incentives provided by the Centers for Medicare & Medicaid Services’ (CMS) meaningful use program, there is increased focus on data protection, say authors of the report, 2012 HIMSS Security Survey.

According to a new survey from the Healthcare Information and Management Systems Society (HIMSS), even as more healthcare organizations conduct annual security risk analyses to protect patient data, most are still without a data breach response plan. Thanks to incentives provided by the Centers for Medicare & Medicaid Services’ (CMS) meaningful use program, there is increased focus on data protection, say authors of the report, 2012 HIMSS Security Survey.

The study, of 303 individuals, included feedback from physician practices, standalone hospitals, healthcare systems, and what HIMSS calls a “variety of healthcare organizations.” Overall, 90 percent of respondents working at hospitals conduct an annual risk analysis. Of those at a physician practice, 65 percent of respondents said they conduct an annual risk analysis.

However, less than half of the organizations surveyed (43 percent) said they had a data breach response plan.  Also the overall IT security budget has remained largely unchanged since last year, the authors of the report found. Fifty-seven percent of the respondents indicated their organization used only a single method for controlling employee access to patient information. 

Of those surveyed, only 22 percent indicated they reported a security breach last year. This sharply contrasts the survey from The Ponemon Institute, which found 94 percent of healthcare organizations had suffered a data breach.  

“As our survey results indicate, more hospitals and physician practices have increased their emphasis on security of patient health data, but have more to accomplish when it comes to ongoing data security,”  Lisa Gallagher, senior director, privacy & security, HIMSS, said in a statement.

Sponsored Recommendations

Trailblazing Technologies: Looking at the Top Technologies for the Emerging U.S. Healthcare System

Register for the first session of the Healthcare Innovation Spotlight Series today to learn more about 'Healthcare's New Promise: Generative AI', the latest technology that is...

Data: The Bedrock of Digital Engagement

Join us on March 21st to discover how data serves as the cornerstone of digital engagement in healthcare. Learn from Frederick Health's transformative journey and gain practical...

Northeast Georgia Health System: Scaling Digital Transformation in a Competitive Market

Find out how Northeast Georgia Health System (NGHS) enabled digital access to achieve new patient acquisition goals in Georgia's highly competitive healthcare market.

2023 Care Access Benchmark Report for Healthcare Organizations

To manage growing consumer expectations and shrinking staff resources, forward-thinking healthcare organizations have adopted digital strategies, but recent research shows that...