News | February 19, 2014

2013 HIMSS Security Survey Shows Progress, Remaining Concerns


February 19, 2014 — Results of the 2013 HIMSS Security Survey show progress toward hardened security and use of analytics, but more work is needed to mitigate insider threat, such as inappropriate access of data by employees. Federal initiatives such as OCR audits, Meaningful Use (MU) and the HIPAA Omnibus Rule encourage healthcare organizations to increase the budgets and resources dedicated to securing patient health data. However, over the past year, 19 percent of respondents reported a security breach. Additionally, 12 percent of organizations have had at least one known case of medical identity theft reported by a patient.

The 2013 HIMSS Security Survey is supported by the Medical Group Management Association and underwritten by Experian Data Breach Resolution. It profiles the data security experiences of 283 information technology (IT) and security professionals employed by U.S. hospitals and physician practices. The data from respondents suggest the greatest perceived “threat motivator” is healthcare workers potentially looking at the electronic health information of friends, neighbors, spouses or co-workers.

Organizations have responded to the risk of security breaches caused by inappropriate data access by insiders. Efforts include increased use of several technologies related to employee access to patient data, such as user access control and audit logs of each access to patient health records.

More than half of the survey’s respondents (51 percent) have increased their security budgets in the past year. Still, 49 percent of these organizations spend 3 percent or less of their overall IT budget on security initiatives that will secure patient data.

“Though progress is noticeable, it is critical that healthcare organizations put in place a comprehensive plan that addresses potential security threats – whether internal or external — to prevent electronic health data breaches and minimize the impact of a breach should one occur,” said Michael Bruemmer, vice president for Experian Data Breach Resolution.

Other findings from the survey include: 

  • 92 percent of organizations conduct a formal risk analysis
  • 54 percent of organizations report having a tested data breach response plan and 63 percent of these organizations test their plan annually
  • 93 percent of organizations indicate they are collecting and analyzing data from audit logs
  • Healthcare organizations are using multiple means of controlling employee access to patient information; 67 percent of survey respondents use at least two mechanisms, such as user-based and role-based controls, for controlling access to data

The survey also identified barriers to improving an organization’s security posture, including budget, dedicated leadership and the following:

  • Organizations reported an average score of 4.35 regarding the maturity of the security environment (where 1 is not at all mature and 7 is highly mature).
  • Nearly half (49 percent) of the survey’s responding organizations are still spending 3 percent or less of their overall IT budget on security initiatives that will secure patient data.
  • 52 percent of the hospital-based respondents reported that they had a CSO, CISO or other full-time leader in charge of security of patient data.

 

For more information: www.himss.org, www.experian.com
