Survey: IT Leaders Concerned About Inappropriate Data Access | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: IT Leaders Concerned About Inappropriate Data Access

February 21, 2014
by Gabriel Perna
| Reprints

The results of the 2013 HIMSS Security Survey reveals that breaches of protected health data (PHI) remain a concern by U.S. hospitals and physician practices, specifically the practice of inappropriate data access.

The survey of 283 information technology (IT) and security professionals employed by provider organizations revealed that there is increased use of several technologies related to employee access to patient data, including user access control and audit logs of each access to patient health records. Ninety-three percent of organizations indicate their organization is collecting and analyzing data from audit logs and 67 percent are using at least two mechanisms, such as user-based and role-based controls, for controlling access to data.

“Healthcare organizations are increasingly deploying technologies to increase data security, but continued analysis is crucial in ensuring the proactive prevention of data breaches within hospitals and physician practices. Without these anticipatory measures, security of patient data will remain a core challenge within our nation’s healthcare organizations,” Lisa A. Gallagher, vice president of technology solutions at HIMSS said in a statement.

Other findings from the survey reveal 49 percent of healthcare organizations are still spending 3 percent or less of their overall IT budget on security initiatives that will secure patient data. More than half have increased their security budgets in the past year, the data also revealed.

There are areas where healthcare providers are doing well. Ninety-two percent of organizations conduct a formal risk analysis, 54 percent of organizations report having a tested data breach response plan, and 63 percent of these organizations test their plan annually.

Another recent report, from Redspin, Inc., a Carpinteria, Calif.-based provider of IT security assessments, revealed that in 2013 breaches of PHI were up 138 percent from 2012.

Read the source article at



HealthlinkNY’s Galanis to Step Down as CEO

Christina Galanis, who has served as president and CEO of HealthlinkNY for the past 13 years, will leave her position at the end of the year.

Email-Related Cyber Attacks a Top Concern for Providers

U.S. healthcare providers overwhelmingly rank email as the top source of a potential data breach, according to new research from email and data security company Mimecast and conducted by HIMSS Analytics.

Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.

Allscripts Touts 1 Billion API Shares in 2017

Officials from Chicago-based health IT vendor Allscripts have attested that the company has reached a new milestone— one billion application programming interface (API) data exchange transactions in 2017.

Dignity Health, CHI Merging to Form New Catholic Health System

Catholic Health Initiatives (CHI), based in Englewood, Colorado, and San Francisco-based Dignity Health officially announced they are merging and have signed a definitive agreement to combine ministries and create a new, nonprofit Catholic health system.

HHS Announces Winning Solutions in Opioid Code-a-Thon

The U.S. Department of Health and Human Services (HHS) hosted this week a first-of-its-kind two-day Code-a-Thon to use data and technology to develop new solutions to address the opioid epidemic.