HIPAA Privacy and Security Statistics from the PHI Protection Forum

The Patient Privacy Network just wrapped up its PHI Protection Forum in Boston, where Larry Clinton of the Internet Security Alliance spoke. He talked at length about the threats to HIPAA privacy and security within individual organizations and brought out some interesting stats on the issue.

Larry noted:

  • Most executives in the HC industry are confident in the effectiveness of their security practices. They believe their strategies are sound and many consider themselves to be leaders in the field
  • (And yet, only) 42% have a strategy & (are) proactive in executing it
  • 65% are confident their info sec practices are effective - that is DOWN 15% from 2009
  • Of the 4 key criteria of information security leadership, ONLY 6% RANK AS LEADERS
  • 60% do NOT have a policy for third parties to comply with privacy policies
  • 73% use mal code detection tools; DOWN 16%
  • 48% use tools to find unauthorized devices; DOWN 14%
  • 51% use intrusion detection tools; DOWN 19%
  • 48% use vulnerability scanning tools; DOWN 15%
  • 31% DON’T KNOW when info sec is part of major projects – ONLY 18% at project inception
  • 90% HC respondents say protecting employee & customer data is important - few know where the data is stored (43% have an accurate inventory of data)
  • Adopting new technology (is outpacing) security – new technology referring to cloud 28%, mobile 46%, soc media 45%, personal devices 51%

The reasons? As noted by Larry:

  • Lack of funding 53%
  • 20% top leadership “is an impediment to improved security.”
  • Only 43% report security breaches
  • Diminished budgets have resulted in degraded security programs, incidents are on the rise, new technologies are being adopted faster than safeguards
  • There are short-term economic incentives to be insecure (VoIP, use personal devices, the Cloud)
  • HC providers report lower $ loss from incidents but many do not perform thorough or consistent analysis to appraise those losses, e.g. only 33% consider damage to brand as a financial loss

You can read the whole article on cyber risk towards privacy and security within healthcare organizations here: Larry Clinton of The Internet Security Alliance and some startling statistics about privacy security in the health care industry

About Data Breach Watch Administrator
