KLAS: Providers Report Internal Unauthorized Data Access as Top Security Threat | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

KLAS: Providers Report Internal Unauthorized Data Access as Top Security Threat

May 29, 2014
by Rajiv Leventhal
| Reprints

When it comes to security and privacy, healthcare providers say identity management and unauthorized data access by employees are their biggest concerns, according to a new report from the Orem, Utah-based KLAS.

Providers in this report rated unauthorized access by employees as their biggest concern. The second biggest concern stems from bring-your-own-device (BYOD) policies, which create risk for unmonitored system access, encryption failure, and theft or loss of devices containing protected health information (PHI).

According to the report, the stakes have never been higher as providers strive to meet meaningful use and Health Insurance Portability and Accountability Act (HIPAA) requirements and secure PHI in a world of increasing threats, technological evolution, and sophisticated hacking. One oversight can lead to heavy fines and damaging press coverage, it said.

KLAS spoke with 106 providers to find out where they felt the most at risk for breaches and to see which third-party firms they were turning to for assistance. Those providers in this study—"Security and Privacy Perception 2014: High Stakes, Big Challenges"— mentioned 46 different firms for security services within healthcare. Of those mentioned, CynergisTek, Deloitte, and Verizon were mentioned the most, followed by Dell, Fortrex Technologies, Hayes Management Consulting, IBM, and Santa Rosa Consulting.

According to providers, healthcare IT consulting firms are offering, on average, fewer security-related services than firms that focus predominantly on security. Of the health IT consulting firms, Santa Rosa Consulting provides the most services, followed by Dell. Health IT consulting firms mainly offer HIPAA and meaningful use risk assessments, while security-focused firms offer several additional services. Fifty-nine percent of providers said they had used a third-party firm for security and privacy services in the last 18 months, the report found.

One CIO in the report said, “Security and privacy are on my list of the top-three things that keep me up at night. I am really concerned because I just don’t have the right resources watching that. . . . There are people out there who are ill intended and who hack systems and steal medical identities. Every day there is another breach somewhere.”

“We are hearing from providers that security and privacy concerns are becoming a part of their everyday discussions," said Erik Westerlind, report author. "At this point, a market leader has yet to be established. As the stakes get higher, healthcare organizations are using multiple firms for their security and privacy needs to ensure they are covering all of their bases."

Get the latest information on Meaningful Use and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.

Allscripts Touts 1 Billion API Shares in 2017

Officials from Chicago-based health IT vendor Allscripts have attested that the company has reached a new milestone— one billion application programming interface (API) data exchange transactions in 2017.

Dignity Health, CHI Merging to Form New Catholic Health System

Catholic Health Initiatives (CHI), based in Englewood, Colorado, and San Francisco-based Dignity Health officially announced they are merging and have signed a definitive agreement to combine ministries and create a new, nonprofit Catholic health system.

HHS Announces Winning Solutions in Opioid Code-a-Thon

The U.S. Department of Health and Human Services (HHS) hosted this week a first-of-its-kind two-day Code-a-Thon to use data and technology to develop new solutions to address the opioid epidemic.

In GAO Report, More Concern over VA VistA Modernization Project

A recent Government Accountability Office (GAO) report is calling into question the more than $1 billion that has been spent to modernize the Department of Veterans Affairs' (VA) health IT system.

Lawmakers Introduce Legislation Aimed at Improving Medicare ACO Program

U.S. Representatives Peter Welch (D-VT) and Rep. Diane Black (R-TN) have introduced H.R. 4580, the ACO Improvement Act of 2017 that makes changes to the Medicare accountable care organization (ACO) program.