by Deanna Pogorelc
As the use of mobile devices, file-sharing software and cloud services has been on the rise among healthcare providers, data breaches have been rising steadily along with them. A hefty 94 percent of healthcare organizations that participated in an annual survey said they had at least one data breach in the past two years.
What’s more startling is that 45 percent said they’d had more than five incidents, and half reported little or no confidence that their organization had the ability to detect all patient data loss or theft.
For its Third Annual Study on Patient Privacy & Data Security, published in December, the Ponemon Institute surveyed 324 administrative and clinical personnel at healthcare facilities – most of them hospitals or clinics that are part of a network or integrated delivery systems. Those personnel reported that the most commonly breached data are medical files and billing and insurance records, lost or stolen most often from a desktop, laptop or smartphone.
Interestingly, although the number of data breaches has gone up, those surveyed reported increasing confidence that patient billing information and medical records would not be susceptible to loss or theft. In contrast, many more felt that employee records were the most susceptible data.
While many new technology applications offer healthcare providers greater efficiency and convenience, they also open the door for the insecure transmission of data that may be behind some of these breaches. For example, eight of 10 organizations surveyed allow personnel to bring their own devices and use them to connect to the organization’s network. More than 60 percent of the organizations surveyed also reported moderate or heavy cloud usage, although almost 50 percent said they weren’t confident that the cloud was secure.
While most organizations reported compliance with periodic HIPAA privacy and security awareness training for staff, they still reported that the second-most-common cause of lost or stolen data was an employee mistake, following a lost or stolen computing device.
The graphic below, put together by BackgroundCheck.org, highlights some of the other interesting points from this survey.