Hospitals need to beef up data security

Healthcare organizations have stepped up their emphasis on security of patient health data, a new survey reveals. The increased attention is largely due to the new focus on qualifying for incentives provided by the Centers for Medicare & Medicaid (CMS) Electronic Health Record Incentive Program (meaningful use). However, there is still much work to do when it comes to ongoing data security.

Over 300 hospitals, physician practices, and other healthcare organizations responded to the 2012 HIMSS Security Survey from the Healthcare Information and Management Systems Society, supported by the Medical Group Management Association and underwritten by Experian Data Breach Resolution.

One out of four respondents reported that their organizations had sustained a security breach in the past year, according to the report.

Budgets lag: Although IT security budgets have increased at more than half of the organizations surveyed, the percentage of an organization’s IT budget that is devoted to securing patient data at these organizations has stagnated at 3% or less.

While two-thirds of respondents (64%) reported that their organization conducted an audit of their IT security plan, less than half (43%) reported that their organization tested their data breach response plan.

“A customized data breach response plan is as important as preventing breaches in the first place,” said Michael Bruemmer, vice president for Experian Data Breach Resolution. “The sooner the industry embraces the need to put a response plan in place, the better.”

Cost of breaches: According to a recent analysis by the Health Information Trust Alliance (HITRUST), a consortium of hospitals and healthcare organizations devoted to cybersecurity, the industry has experienced 495 data breaches since 2009 involving 21 million records at an estimated cost of $4 billion.