Skip to content Skip to navigation

KLAS: Providers Report Internal Unauthorized Data Access as Top Security Threat

May 29, 2014
by Rajiv Leventhal
| Reprints

When it comes to security and privacy, healthcare providers say identity management and unauthorized data access by employees are their biggest concerns, according to a new report from the Orem, Utah-based KLAS.

Providers in this report rated unauthorized access by employees as their biggest concern. The second biggest concern stems from bring-your-own-device (BYOD) policies, which create risk for unmonitored system access, encryption failure, and theft or loss of devices containing protected health information (PHI).

According to the report, the stakes have never been higher as providers strive to meet meaningful use and Health Insurance Portability and Accountability Act (HIPAA) requirements and secure PHI in a world of increasing threats, technological evolution, and sophisticated hacking. One oversight can lead to heavy fines and damaging press coverage, it said.

KLAS spoke with 106 providers to find out where they felt the most at risk for breaches and to see which third-party firms they were turning to for assistance. Those providers in this study—"Security and Privacy Perception 2014: High Stakes, Big Challenges"— mentioned 46 different firms for security services within healthcare. Of those mentioned, CynergisTek, Deloitte, and Verizon were mentioned the most, followed by Dell, Fortrex Technologies, Hayes Management Consulting, IBM, and Santa Rosa Consulting.

According to providers, healthcare IT consulting firms are offering, on average, fewer security-related services than firms that focus predominantly on security. Of the health IT consulting firms, Santa Rosa Consulting provides the most services, followed by Dell. Health IT consulting firms mainly offer HIPAA and meaningful use risk assessments, while security-focused firms offer several additional services. Fifty-nine percent of providers said they had used a third-party firm for security and privacy services in the last 18 months, the report found.

One CIO in the report said, “Security and privacy are on my list of the top-three things that keep me up at night. I am really concerned because I just don’t have the right resources watching that. . . . There are people out there who are ill intended and who hack systems and steal medical identities. Every day there is another breach somewhere.”

“We are hearing from providers that security and privacy concerns are becoming a part of their everyday discussions," said Erik Westerlind, report author. "At this point, a market leader has yet to be established. As the stakes get higher, healthcare organizations are using multiple firms for their security and privacy needs to ensure they are covering all of their bases."



Survey: Healthcare Orgs Not Taking Mobile Security Seriously Enough

More than half (56 percent) of healthcare professionals believe their organization could be doing more to educate employees on HIPAA compliance and the rules around sharing protected health information.

Mount Sinai’s Research Arm Using Data Analytics to Address Health Inequities

The Arnhold Institute for Global Health at the Icahn School of Medicine at Mount Sinai is partnering with DigitalGlobe to create the Health Equity Atlas Initiative (ATLAS), a platform that standardizes and maps population data in order to generate insights that address health inequities.

FDA, Hospitals Work to Improve Data Collection about Medical Devices

The U.S. Food and Drug Administration is looking to improve the way it works with hospitals to modernize and streamline data collection, specifically safety data, about medical devices.

McKesson Unveils New Paragon Electronic Health Record Platform

McKesson Enterprise Information Solutions (EIS) announced the latest release of Paragon, its electronic health record (EHR) solution.

Catholic Health Initiatives and Dignity Health are in Merger Talks

Englewood, Colorado-based health system Catholic Health Initiatives is in merger talks with San Francisco-based Dignity Health to potentially create one of the largest nonprofit health systems by revenue in the country.

OSU Wexner Medical Center Receives AHIMA Grace Award

The Ohio State University Wexner Medical Center (OSUWMC) received the American Health Information Management Association (AHIMA) annual Grace Award in recognition of its leadership in health information management.