IT Security
Healthcare IT professionals identified an internal breach of security as their primary concern regarding data security and one-quarter reported that their organization has experienced a security breach in the past year.
Nearly all respondents also reported that their organization actively assess and/or manage security risk; this was selected by 84 percent of respondents. Despite this, one-quarter of respondents reported that they had a security breach at their organization in the past 12 months. Fourteen percent reported that they had a security breach at their organization in the last six months. These numbers are consistent with those reported in 2008.
Very few respondents (three percent) reported that they do not have any concerns with regard to the security of electronic medical information at their organization.
An internal breach of security was the concern most frequently identified by respondents as the primary concern they had with regard to the security of electronic medical information; this was identified by 37 percent of respondent. This has been a top concern for respondent over the course of the past several years. Compliance with HIPAA security regulations/CMS security audits and inadequate funding/support for the security process were selected by 22 percent and 20 percent of respondents respectively. These were also top concerns identified in the 2008 survey.
Respondents do not believe that patients have a lack of confidence in the security of their information. This was selected as primary concern about the security of electronic medical information by only seven percent of respondents.
Eight percent of respondents indicated that inadequate security systems in place at their organization were a primary concern about the security of electronic medical information. This research tracked ten different technological security tools that respondents could identify as in place at their organization; it also provided respondents the opportunity to report other types of security technologies that they used in addition to those mentioned in the survey. On average, respondents said they have seven of these solutions implemented at their organization. Only five respondents indicated they currently have only a single technology in place at their organization.
Firewalls were most widely reported to be in use—99 percent of respondents reported that their organization has a firewall in place. Also widely used are user access controls (based on role or location) and audit logs of each access to patient health records. These were identified by 86 and 79 percent of respondents respectively.
Least frequently identified as security technologies currently in place at healthcare organizations at this time are public key infrastructure (PKI) and biometric technologies such as retinal scans or fingerprint technology. These technologies were identified by 22 and 18 percent of respondents, respectively.
With regard to the security technologies that would be used or implemented at their organizations in the next two years, approximately half of respondents reported plans to purchase single-sign on technology. Most of these purchases will be among individuals who plan to purchase this technology for the first time at their organization. At least one-third of respondents also plan to purchase the following technologies:
- Email Encryption—40 percent;
- Biometric Technologies—36 percent;
- Intrusion Prevention/Detection Service—36 percent; and
- Data Encryption—34 percent.
;){kind=link}
;){kind=link}
;){kind=link}
;){kind=link}
;){kind=link}