KLAS: Providers Report Internal Unauthorized Data Access as Top Security Threat | Healthcare Informatics Magazine | Health IT | Information Technology

KLAS: Providers Report Internal Unauthorized Data Access as Top Security Threat

May 29, 2014
by Rajiv Leventhal

When it comes to security and privacy, healthcare providers say identity management and unauthorized data access by employees are their biggest concerns, according to a new report from the Orem, Utah-based KLAS.

Providers in this report rated unauthorized access by employees as their biggest concern. The second biggest concern stems from bring-your-own-device (BYOD) policies, which create risk for unmonitored system access, encryption failure, and theft or loss of devices containing protected health information (PHI).

According to the report, the stakes have never been higher as providers strive to meet meaningful use and Health Insurance Portability and Accountability Act (HIPAA) requirements and secure PHI in a world of increasing threats, technological evolution, and sophisticated hacking. One oversight can lead to heavy fines and damaging press coverage, it said.

KLAS spoke with 106 providers to find out where they felt the most at risk for breaches and to see which third-party firms they were turning to for assistance. The providers in this study, "Security and Privacy Perception 2014: High Stakes, Big Challenges," named 46 different firms for security services within healthcare. Of those, CynergisTek, Deloitte, and Verizon were mentioned the most, followed by Dell, Fortrex Technologies, Hayes Management Consulting, IBM, and Santa Rosa Consulting.

According to providers, healthcare IT consulting firms are offering, on average, fewer security-related services than firms that focus predominantly on security. Of the health IT consulting firms, Santa Rosa Consulting provides the most services, followed by Dell. Health IT consulting firms mainly offer HIPAA and meaningful use risk assessments, while security-focused firms offer several additional services. Fifty-nine percent of providers said they had used a third-party firm for security and privacy services in the last 18 months, the report found.

One CIO in the report said, “Security and privacy are on my list of the top-three things that keep me up at night. I am really concerned because I just don’t have the right resources watching that. . . . There are people out there who are ill intended and who hack systems and steal medical identities. Every day there is another breach somewhere.”

“We are hearing from providers that security and privacy concerns are becoming a part of their everyday discussions,” said Erik Westerlind, report author. “At this point, a market leader has yet to be established. As the stakes get higher, healthcare organizations are using multiple firms for their security and privacy needs to ensure they are covering all of their bases.”
