Despite new statutory and regulatory requirements for healthcare privacy and security, a new survey of U.S. healthcare organizations suggests that while organizations are updating their security environments, data continues to be at risk.
Nashville, TN (PRWEB) April 5, 2010 -- As the healthcare industry prepares for a major shift to electronic health records (EHRs) over the next several years, a new bi-annual report presents data showing that providers are still having difficulty adequately securing patient data in a rapidly changing landscape. The 2010 HIMSS Analytics Report: Security of Patient Data indicates that healthcare organizations are actively taking steps to ensure that patient data is secure.
However, these efforts appear to be more reactive than proactive, as hospitals dedicate more resources toward breach response vs. breach prevention through risk management activities. The report, which surveys healthcare organizations nationwide, was commissioned by Kroll Fraud Solutions, a leading provider of data protection and identity theft response services.
“The results of the latest study are bittersweet to say the least,” said Brian Lapidus, chief operating officer for Kroll Fraud Solutions. “On one hand, healthcare organizations are demonstrating increased awareness of the state of patient data security as a result of heightened regulatory activity and increased compliance. On the other, organizations are so afraid of being labeled ‘noncompliant’ that they overlook the bigger elephant in the room, the still-present risk and escalating costs associated with a data breach. We need to shift the industry focus from a ‘check the box’ mentality around compliance to a more comprehensive, sustained look at data security.”
When the 2008 HIMSS Analytics Report: Security of Patient Data was released in April 2008, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was the primary regulatory requirement dominating the healthcare space. At the time, the study suggested that HIPAA’s focus on medical privacy fostered a significant lack of awareness among healthcare providers around the frequency, cause and seriousness of patient identity theft. According to the latest study, the same is true in 2010, despite the flurry of regulatory activity around patient data security over the past two years and the severe financial penalties these laws impose.
Key report findings include:
1. Despite new regulatory activity, including the implementation of the Red Flags Rule and the HITECH Act, and increased compliance among healthcare providers, the reporting of healthcare breaches is on the rise.
The 2010 HIMSS Analytics Report also noted significant differences between security policies and procedures by hospital type. Critical access facilities lagged behind general medical/surgical facilities and academic medical centers in several key areas, including:
For a copy of the 2010 HIMSS Analytics Report: Security of Patient Data and for more information on best practices in healthcare data security, please visit: www.krollfraudsolutions.com.
Kroll, the world's leading risk consulting company, provides a broad range of investigative, intelligence, financial, security and technology services to help clients reduce risks, solve problems and capitalize on opportunities. Kroll Inc. is a wholly-owned subsidiary of Marsh & McLennan Companies, Inc. (NYSE: MMC), the global professional services firm. Kroll began providing identity theft solutions in 1999 and created its Fraud Solutions practice in 2002 in response to increasing requests from clients for counsel and services associated with the loss of sensitive personal information, and related identity protection and restoration issues facing organizations and individuals.
Since then, Kroll’s Fraud Solutions clients have included Fortune 500 companies, non-profit organizations, and government entities dealing with healthcare, financial services, insurance, consumer service, and any activity involving the collection and use of personal information. Kroll’s Fraud Solutions team presently serves over 10,000 businesses and millions of individual consumers. For more information, visit: www.krollfraudsolutions.com. For expert commentary on the latest data security and identity theft issues, visit the Kroll Fraud Solutions blog “A Dialogue on Data Security” at www.krollfraudsolutionsblog.com.
About HIMSS Analytics
HIMSS Analytics supports improved decision-making for healthcare organizations, healthcare IT companies and consulting firms by delivering high-quality data and analytical expertise. The company collects and analyzes healthcare organization data relating to IT processes and environments, products, IS department composition and costs, IS department management metrics, healthcare delivery trends and purchasing-related decisions.
HIMSS Analytics is a wholly-owned, not-for-profit subsidiary of the Healthcare Information and Management Systems Society (HIMSS).
1. Section 13410(d) of the Health Information Technology for Economic and Clinical Health Act (HITECH) as part of the American Recovery and Reinvestment Act of 2009 (ARRA), signed into law by President Obama February 17, 2009
Read the full story at http://www.prweb.com/releases/kroll_healthcare_data/042010/prweb3833744.htm.