Report: 72 Percent of Healthcare Employees Are Security "Risks" or Security "Novices" | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: 72 Percent of Healthcare Employees Are Security "Risks" or Security "Novices"

April 5, 2017
by Heather Landi
| Reprints

Only 28 percent of healthcare employees demonstrated the privacy and security awareness to prevent incidents that could lead to the exposure of protected health information (PHI) and other forms of personal data, according to a recent MediaPro survey.

And, as a snapshot of the current state of security and privacy awareness, healthcare employees still demonstrate more security and privacy know-how compared to the general employee population. The survey found that healthcare employees are still twice as likely to have the security and privacy know-how to protect against preventable threats compared with the general employee population, as only 12 percent of the general population demonstrated the same level of awareness.

For the report, MediaPro polled 850 healthcare employees across the U.S. and found that 18 percent were considered risks, meaning their lack of awareness could put their organization in jeopardy of a potentially serious privacy or security incident. Further, more than half of healthcare employees (54 percent) are considered security "novices." In total, 72 percent of healthcare employees are either risks or novices, showing a lack of basic awareness of privacy and security awareness best practices in the eight surveyed risk areas. And, as mentioned above, 28 percent of healthcare employees are considered security "heroes," or are highly risk-aware.

Survey respondents were polled in several different risk areas and the average score of a risk-aware employee is 93.5 percent.

In each risk area, these were the average scores:

Incident reporting – 80 percent

Identifying personal information – 82 percent

Access controls – 85 percent

Preventing phishing – 90 percent

Malware warning signs – 86 percent

Working remotely – 83 percent

Cloud computing – 85 percent

Acceptable use of social media – 85 percent

According to the report, 89 percent of healthcare organizations have experienced a data breach involving patient data in the past two years and the report authors note that “while it is impressive that healthcare employees are seemingly more risk aware compared with the general employee population, it’s important to note that 72 percent of healthcare employees are considered either a security risk or security novice, illustrating a clear need for improved education and awareness.”

According to the report authors, the survey results align with broader analysis of the healthcare industry that shows IT investment as it relates to cybersecurity strategy and employee awareness training are driven largely by HIPAA compliance, as opposed to business risk mitigation.

The survey results highlight that it’s time for healthcare organizations to move beyond mere HIPAA compliance training, according to the report, and as employees are the last safeguard against data breaches, fines and reputational damage, a well-thought-out and expertly sourced approach to employee awareness education should be a top priority.

 

 

 

 

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

David Bates to Receive Glaser Award at UTHealth School of Biomedical Informatics

On Oct. 30, the 2017 John P. Glaser Health Informatics Innovator Award will be presented to patient safety expert David Bates, M.D.

TMCx Digital Health Accelerator Prepares for 2018 Class

TMCx, a digital health accelerator program launched in 2015 by the Texas Medical Center’s Innovation Institute, is seeking applications for its 2018 class of startups.

DoD, Leidos Roll Out MHS Genesis at Madigan Army Medical Center

Madigan Army Medical Center in Takoma, Washington is now the fourth military site to go live with the MHS Genesis electronic health record (EHR) system.

athenahealth to Cut Workforce by 9 Percent, Close Two Offices

athenahealth, the Watertown, Mass.-based electronic health record (EHR) vendor, expects to reduce its workforce by about 9 percent due to an organizational redesign that also involves the closure of two offices.

CISO Survey: End Users See Security as a Hurdle to Innovation

Traditional approaches to security are leading to frustrated users and strained relationships between workers and IT departments, according to the findings of a CISO survey. About three-fourths (74 percent) of CISOs say end users are frustrated that security disrupts productivity and 81 percent say end users see corporate security policies as a hurdle to innovation.

Michigan HIE Implementing Alerts for Social Determinants of Health

Great Lakes Health Connect (GLHC), Michigan’s health information exchange (HIE), is partnering with health IT solutions company Holon Solutions to enable alerts that address patients’ physical, mental and social determinants of health.