Skip to content Skip to navigation

Survey: Orgs. Doing More Health Data Risk Analysis, Still Lack Breach Response Plan

December 13, 2012
by Gabriel Perna
| Reprints

According to a new survey from the Healthcare Information and Management Systems Society (HIMSS), even as more healthcare organizations conduct annual security risk analyses to protect patient data, most are still without a data breach response plan. Thanks to incentives provided by the Centers for Medicare & Medicaid Services’ (CMS) meaningful use program, there is increased focus on data protection, say authors of the report, 2012 HIMSS Security Survey.

The study, of 303 individuals, included feedback from physician practices, standalone hospitals, healthcare systems, and what HIMSS calls a “variety of healthcare organizations.” Overall, 90 percent of respondents working at hospitals conduct an annual risk analysis. Of those at a physician practice, 65 percent of respondents said they conduct an annual risk analysis.

However, less than half of the organizations surveyed (43 percent) said they had a data breach response plan.  Also the overall IT security budget has remained largely unchanged since last year, the authors of the report found. Fifty-seven percent of the respondents indicated their organization used only a single method for controlling employee access to patient information. 

Of those surveyed, only 22 percent indicated they reported a security breach last year. This sharply contrasts the survey from The Ponemon Institute, which found 94 percent of healthcare organizations had suffered a data breach.  

“As our survey results indicate, more hospitals and physician practices have increased their emphasis on security of patient health data, but have more to accomplish when it comes to ongoing data security,”  Lisa Gallagher, senior director, privacy & security, HIMSS, said in a statement.



Survey: Healthcare Orgs Not Taking Mobile Security Seriously Enough

More than half (56 percent) of healthcare professionals believe their organization could be doing more to educate employees on HIPAA compliance and the rules around sharing protected health information.

Mount Sinai’s Research Arm Using Data Analytics to Address Health Inequities

The Arnhold Institute for Global Health at the Icahn School of Medicine at Mount Sinai is partnering with DigitalGlobe to create the Health Equity Atlas Initiative (ATLAS), a platform that standardizes and maps population data in order to generate insights that address health inequities.

FDA, Hospitals Work to Improve Data Collection about Medical Devices

The U.S. Food and Drug Administration is looking to improve the way it works with hospitals to modernize and streamline data collection, specifically safety data, about medical devices.

McKesson Unveils New Paragon Electronic Health Record Platform

McKesson Enterprise Information Solutions (EIS) announced the latest release of Paragon, its electronic health record (EHR) solution.

Catholic Health Initiatives and Dignity Health are in Merger Talks

Englewood, Colorado-based health system Catholic Health Initiatives is in merger talks with San Francisco-based Dignity Health to potentially create one of the largest nonprofit health systems by revenue in the country.

OSU Wexner Medical Center Receives AHIMA Grace Award

The Ohio State University Wexner Medical Center (OSUWMC) received the American Health Information Management Association (AHIMA) annual Grace Award in recognition of its leadership in health information management.