The Ponemon Institute just released their 4th Annual Report on Patient Privacy and Data Security sponsored by ID Experts. The report has some surprising and interesting findings as to the state of healthcare privacy and security:
Employee negligence: 75 percent reported employee negligence as their biggest worry, and insider negligence was the root of most data breaches reported in the study.
Unsecured mobile devices: Using a personal mobile device for work is a lot more convenient, but it is a major security risk to the 88 percent of healthcare organizations that permit employees and medical staff to use their own mobile devices to connect to the organization’s networks or enterprise systems.
Security gaps with business associates: In light of the Target data breach, which may have been caused by a fourth party (essentially a subcontractor of a subcontractor), this is a real concern. Only 30 percent of organizations surveyed are confident that their business associates are appropriately safeguarding patient data as required under the HIPAA Final Rule.
Evolving criminal threats: “The latest trend we are seeing is the uptick in criminal attacks on hospitals, which have increased a staggering 100 percent since the first study four years ago,” Dr. Larry Ponemon says. “As millions of new patients enter the U.S. healthcare system under the Affordable Care Act, patient records have become a smorgasbord for criminals.”
New vulnerabilities under the Affordable Care Act: Survey participants had strong reservations about the security of Health Information Exchanges (HIEs): a third said they don’t plan to participate in HIEs because they are not confident enough in the security and privacy of patient data shared on the exchanges.
You can download the study here: Fourth Annual Benchmark Study on Patient Privacy and Data Security