As researchers gear up to focus on the issue of HIT security, a recent HIMSS study shows that the problem remains significant in hospitals.
According to this report on the 2010 HIMSS Analytics Report: Security of Patient Data, “the study found critical gaps in data security – and its findings suggested that efforts to keep data safe were often more reactive than proactive, with hospitals dedicating more resources to breach response than to breach prevention.”
Based on a biannual survey commissioned by Kroll Fraud Solutions of 250 healthcare professionals nationwide, the study found a number of things which should spur researchers on. For example, “the number of healthcare organizations that reported a breach increased by six percent in 2010 to 19 percent of total respondents – up from 13 percent in 2008,” when the last survey was conducted.
Moreover, “healthcare organizations continue to think of data security in specific silos . . . and not as an organization-wide responsibility, which creates unwanted gaps in policies and procedures.”
As Brian Lapidus, Kroll’s chief operating officer, put it, “The results of the latest study are bittersweet to say the least. On one hand, healthcare organizations are demonstrating increased awareness of the state of patient data security as a result of heightened regulatory activity and increased compliance. On the other, organizations are so afraid of being labeled ‘noncompliant’ that they overlook the bigger elephant in the room, the still-present risk and escalating costs associated with a data breach.”
As the study findings indicate, what is perhaps most harmed by data breaches is the confidence patients have in their providers’ IT systems, and it is that confidence that the researchers who recently received a $15 million award as part of the government’s SHARP program hope to address.
According to Professor Carl A. Gunter of the University of Illinois Department of Computer Science and IT, and the newly funded project’s lead investigator, "It is essential for patients and healthcare providers to have confidence in the information technologies on which modern healthcare is becoming increasingly reliant."
With that goal in mind, “SHARPS will focus on three health information environments – electronic health records, health information exchange, and telemedicine – that are becoming increasingly popular in spite of security concerns with their use.”
As the HIMSS study indicates, the IT security improvements that policymakers are aiming to achieve via the SHARP program could not happen too soon.
Jeff Rowe blogs daily at Priming the Pump.
