Survey: Orgs. Doing More Health Data Risk Analysis, Still Lack Breach Response Plan | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: Orgs. Doing More Health Data Risk Analysis, Still Lack Breach Response Plan

December 13, 2012
by Gabriel Perna
| Reprints

According to a new survey from the Healthcare Information and Management Systems Society (HIMSS), even as more healthcare organizations conduct annual security risk analyses to protect patient data, most are still without a data breach response plan. Thanks to incentives provided by the Centers for Medicare & Medicaid Services’ (CMS) meaningful use program, there is increased focus on data protection, say authors of the report, 2012 HIMSS Security Survey.

The study, of 303 individuals, included feedback from physician practices, standalone hospitals, healthcare systems, and what HIMSS calls a “variety of healthcare organizations.” Overall, 90 percent of respondents working at hospitals conduct an annual risk analysis. Of those at a physician practice, 65 percent of respondents said they conduct an annual risk analysis.

However, less than half of the organizations surveyed (43 percent) said they had a data breach response plan.  Also the overall IT security budget has remained largely unchanged since last year, the authors of the report found. Fifty-seven percent of the respondents indicated their organization used only a single method for controlling employee access to patient information. 

Of those surveyed, only 22 percent indicated they reported a security breach last year. This sharply contrasts the survey from The Ponemon Institute, which found 94 percent of healthcare organizations had suffered a data breach.  

“As our survey results indicate, more hospitals and physician practices have increased their emphasis on security of patient health data, but have more to accomplish when it comes to ongoing data security,”  Lisa Gallagher, senior director, privacy & security, HIMSS, said in a statement.



Allscripts Touts 1 Billion API Shares in 2017

Officials from Chicago-based health IT vendor Allscripts have attested that the company has reached a new milestone— one billion application programming interface (API) data exchange transactions in 2017.

Dignity Health, CHI Merging to Form New Catholic Health System

Catholic Health Initiatives (CHI), based in Englewood, Colorado, and San Francisco-based Dignity Health officially announced they are merging and have signed a definitive agreement to combine ministries and create a new, nonprofit Catholic health system.

HHS Announces Winning Solutions in Opioid Code-a-Thon

The U.S. Department of Health and Human Services (HHS) hosted this week a first-of-its-kind two-day Code-a-Thon to use data and technology to develop new solutions to address the opioid epidemic.

In GAO Report, More Concern over VA VistA Modernization Project

A recent Government Accountability Office (GAO) report is calling into question the more than $1 billion that has been spent to modernize the Department of Veterans Affairs' (VA) health IT system.

Lawmakers Introduce Legislation Aimed at Improving Medicare ACO Program

U.S. Representatives Peter Welch (D-VT) and Rep. Diane Black (R-TN) have introduced H.R. 4580, the ACO Improvement Act of 2017 that makes changes to the Medicare accountable care organization (ACO) program.

Humana Develops Medication Management Tool

A new tool developed by Humana enables the company’s members to keep a list of their medications in one place.