Survey: Orgs. Doing More Health Data Risk Analysis, Still Lack Breach Response Plan | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: Orgs. Doing More Health Data Risk Analysis, Still Lack Breach Response Plan

December 13, 2012
by Gabriel Perna
| Reprints

According to a new survey from the Healthcare Information and Management Systems Society (HIMSS), even as more healthcare organizations conduct annual security risk analyses to protect patient data, most are still without a data breach response plan. Thanks to incentives provided by the Centers for Medicare & Medicaid Services’ (CMS) meaningful use program, there is increased focus on data protection, say authors of the report, 2012 HIMSS Security Survey.

The study, of 303 individuals, included feedback from physician practices, standalone hospitals, healthcare systems, and what HIMSS calls a “variety of healthcare organizations.” Overall, 90 percent of respondents working at hospitals conduct an annual risk analysis. Of those at a physician practice, 65 percent of respondents said they conduct an annual risk analysis.

However, less than half of the organizations surveyed (43 percent) said they had a data breach response plan.  Also the overall IT security budget has remained largely unchanged since last year, the authors of the report found. Fifty-seven percent of the respondents indicated their organization used only a single method for controlling employee access to patient information. 

Of those surveyed, only 22 percent indicated they reported a security breach last year. This sharply contrasts the survey from The Ponemon Institute, which found 94 percent of healthcare organizations had suffered a data breach.  

“As our survey results indicate, more hospitals and physician practices have increased their emphasis on security of patient health data, but have more to accomplish when it comes to ongoing data security,”  Lisa Gallagher, senior director, privacy & security, HIMSS, said in a statement.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).

Circulation, Buoy Health Collaborate on Integrated Platform for Patient Transportation

Boston-based startup Circulation Health, a ride-ordering exchange that coordinates medical transportation logistics using Lyft and other transportation partners, is partnering with Buoy Health, also based in Boston, to integrate their platforms to provide patients with an end-to-end healthcare experience.

HITRUST Provides NIST Cybersecurity Framework Certification

The Health Information Trust Alliance (HITRUST), security and privacy standards development and accreditation organization, announced this week a certification program for the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (Framework).

Report: Interoperability in NHS England Faces Similar Barriers as U.S. Healthcare

Electronic patient record interoperability in NHS England is benefiting patient care, but interoperability efforts are facing barriers, including limited data sharing and cumbersome processes falling outside of the clinician workflow, according to a KLAS Research report.

Geisinger National Precision Health Hires Illumina Exec to Lead Business Development

Integrated health system Geisinger has hired a high-profile genetic counselor to head up business development for Geisinger National Precision Health, which was created to extend the Geisinger model on the national scene.

$30M VC Fund Launched to Spur Innovation in Cardiovascular Care

The American Heart Association, together with Philips and UPMC, has announced the launch of Cardeation Capital, a $30 million collaborative venture capital fund designed to spur healthcare innovation in heart disease and stroke care.