Judging from comments and blogs that our staff regularly reviews, it appears that funding and actual implementation of risk assessments, development of information security plans and efforts to better secure privacy rights for all, are making slow progress in the Healthcare Industry and still falling short of goals and objectives stated in the HITECH Act.
One of the writers that this website often follows on the Healthcare Information Security Blogs website is Howard Anderson, and, we would like to point our reader’s attention to a few of his recent postings entitled, “Winning Support for Risk Assessments”, “Yearly Hospital Breach Costs: $6 Billion” and “Healthcare Security Progress Lacking” and posted on the HealthcareInfoSecurity website to get a better understanding of the current state of this situation.
In one or more of the survey findings in these articles, you will read that:
a) Only 69% of hospitals and clinics have a plan in place to respond to a breach,
b) 58% of respondents said that they have little or no confidence in their organization’s ability to detect all patient data loss or theft,
c) 14% of hospitals and 33% of clinics have yet to conduct a risk analysis,
d) 60% of the organizations interviewed for one of the studies reported two or more breach incidents during the past two years. The extrapolated average was 2.4 breach incidents. These incidents involved, on average 1,769 records, although 61% involved just 10 to 100 records.
e) 40% of respondents said that they did not notify patients about breaches,
f) Inadequate budget and lack of trained staff for security and privacy were the two reasons the cited most frequently as the areas of vulnerability leading to breaches,
g) The top reasons for breaches were: (1) unintentional action by staff, (2) lost or stolen computer devices, and (3) third-party glitches.
If applicable, these articles along with the links imbedded within them, should be a great additional library resource for those privacy rights, HR associates, information security, personal and disaster preparedness team members in your organization.