Healthcare Informatics Magazine

HIMSS Analytics: Compliance Prioritization Puts Patient Data at Risk

April 12, 2012
by Gabriel Perna

According to a new report from HIMSS Analytics, the Chicago-based research arm of the Healthcare Information Management and Systems Society (HIMSS), a focus on the regulations and guidelines governing data security in healthcare is not resulting in increased security. The study, called The 2012 HIMSS Analytics Report: Security of Patient Data, says data breaches have risen over the last six years even with tight regulatory activity and compliance surrounding reporting and auditing procedures.

The report indicated healthcare industry professionals are more prepared than ever to confront data security risks, giving themselves a 6.40 rating on a scale of one to seven (with one being "not at all prepared" and seven being "extremely prepared"), as compared to 6.06 in 2010 and 5.88 in 2008. Yet despite this, a growing 27 percent of respondents reported a security breach during that same time period (up from 19 percent in 2010 and 13 percent in 2008). Furthermore, 69 percent experienced more than one - indicating that increased preparedness is not synonymous with increased security.

According to the report, human error remains the greatest threat to healthcare data security. In 2012, 79 percent of respondents reported that a security breach was perpetrated by an employee. Fifty-six (56) percent of respondents indicated that the source of a reported breach was unauthorized access to information by an individual employed by the organization at the time of the breach.  

Mobility is also a cause of increased data breaches, according to the report. Thirty-one (31) percent of respondents indicated that information available on a portable device was among the factors most likely to cause a breach (up from 20 percent in 2010 and four percent in 2008). Also, the expectations of third-party data security practices are not keeping pace with the increased outsourcing of patient data, the report says. Essentially, third-party breaches are on the rise.

According to the study, 18 percent of respondents that experienced a breach in the past 12 months cited third parties as the root cause. Twenty-eight (28) percent of respondents indicated that "sharing information with external parties" is the top item that put patient data at risk (up from 18 percent in 2010 and 6 percent in 2008).

"Healthcare organizations need to ensure that their business associates are taking every precaution to safeguard this information. We know that most security breaches often are the result of actions taken by employees, so background checks, employee training and continued monitoring of policies and procedures are steps all covered entities should ensure are taken by their business associates," Lisa Gallagher, senior director of privacy and security for the Healthcare Information and Management Systems Society (HIMSS), said in a statement.

There is also a lack of clarity on who is responsible for data security. Respondents named the HIM Director (21 percent), the CIO (19 percent), the Chief Privacy Officer, Chief Compliance Officer and CEO (12 percent for each title) and the Chief Security Officer (10 percent) as responsible, indicating that one set person has not been defined by the industry.

The report was sponsored by Kroll (New York, N.Y.). HIMSS surveyed 250 healthcare industry professionals for this research, conducted in December 2011.
