As healthcare information security requirements and penalties get tougher, a great deal of discussion is focused around how well the healthcare industry is securing patient data.
The general consensus is that the industry still has a long way to go. One of the industry’s publications, Healthcare InfoSecurity, released the results of the Healthcare Information Security Today survey sponsored by RSA which took an in-depth look at security and IT practices of senior executives in the healthcare industry.
<< click on the image to learn more
The survey reviews many information security topics including
- Impact of a data breach
- Security threats
- Compliance and steps to improve security
- Risk assessment
Some of the responses surprised us on how far healthcare companies need to go for proper HIPAA compliance. Take a look at these statistics:
- 55% of respondents were not confident in their organization’s ability to comply with HIPAA and HITECH Act regulations concerning privacy and security (grading themselves adequate or less).
- 66% responded that their organization’s ability to counter internal information security threats was adequate or less.
- Only 47% of survey participants utilize encryption for information accessible via a virtual private network or portal.
- 32% of respondents have not conducted a detailed information technology security risk assessment/analysis within the past year with 47% updating their risk assessment only periodically.
The good news is that the survey shows that healthcare organizations are taking steps in the right direction to improve their security practices.
- 37% of organizations’ budgets for information security are scheduled to increase over the next year.
- 40% of respondents plan to implement audit tool or a log management solution within the next year.
When asked what their organization’s top three information security priorities are for the coming year, the top responses included
- Improving regulatory compliance efforts
- Improving security awareness/education
- Preventing and detecting breaches
Healthcare IT teams will need updated security policies, comprehensive training for employees, and reliable tools and solutions that can deliver functionality, ease of use, audit reporting, and efficient workflows that protect the security of confidential data at rest and in motion.
The pressure is growing, compliance audits are looming, and tackling these issues are just part of the evolution of the healthcare industry.