NEW YORK – A new study from HIMSS Analytics and Kroll Advisory Solutions shows that, a diligentfocus on security compliance notwithstanding, healthcare providersare still badly lacking when it comes to privacy protections. Infact, data breaches have only increased in recent years. According to the 2012 "HIMSS Analytics Report: Security ofPatient Data," increasingly stringent regulatory activity withregard to reporting and auditing procedures – and increasedcompliance from providers – haven't done anything to preventan uptick in breaches over the past six years. The report is the third iteration of Kroll"s biannual surveyof healthcare providers nationwide. Ironically, it shows increasing confidence on the part of itsrespondents – which included HIM directors, complianceofficers, CIOs and more – that they're ready for data risks.On a scale of one to seven, with with one being "not at allprepared" and seven being "extremely prepared,"respondents scored themselves an average of 6.40 – comparedto 6.06 in 2010 and 5.88 in 2008. But feeling like one is in adherence with policy prescriptions isnot the same as actually protecting personal health information(PHI), says Brian Lapidus, senior vice president for Kroll AdvisorySolutions. "Organizations that have never dealt with one of these issuesmight think they're prepared," says Lapidus. "But whenyou get into the reality of actually handling the event, it becomesa whole different ballgame." Indeed, 27 percent of respondents reported a security breach in thepast year – well up from 19 percent in 2010 and 13 percent in2008. More than two-thirds (69 percent) experienced more than onein the past 12 months. Clearly, increased preparedness is not synonymous with increasedsecurity, says Lapidus. More often than not, providers are"prioritizing compliance over security," he says."Where we are, with meaningful use and the incentives that come with that, those statutes are reallytied more to compliance than they are to security." Sure, there are security factors built in to the HITECH Act , he adds, "but because the incentive is focused on complyingwith EHR conversion and meaningful use, I think security might be taking alittle bit of a backseat." That said, the survey did find that that a robust 96 percent ofrespondents reported conducting a formal risk analysis at theirorganization in the past 12 months. A good start, says Lapidus– but not enough, in and of itself. [See also: Risk assessments leave hospitals hamstrung .] "Risk assessment is the tip of the sword," he says."And the depth of of that assessment, that analysis, is goingto vary from organization to organization. Some use it as astarting point for a deeper dive. They do the risk assessment, theyunderstand their vulnerabilities, and then they use that assessmentand the results that come from it as a work list with which they,organizationally, can go through and start working on each of thesevulnerable areas." At the other end of the spectrum, says Lapidus, "you havepeople who do the risk assessment and say, 'Great, I've done it,this is my checkbox for meaningful use Stage 1, and away wego.'" That's not enough. The HIMSS/Kroll study offers ample evidence thathealthcare is being buffeted by significant and fast-evolvingsecurity threats these days – and shows why it's imperativefor healthcare organizations to take a proactive and nimbleapproach to ensuring their patients' personal health information isprotected. (Continued on page 2). I am an expert from china-securitycamera.com, while we provides the quality product, such as China Color CCTV Camera , China Low Lux Camera, Outdoor Security Cameras,and more.
Related Articles -
China Color CCTV Camera, China Low Lux Camera,
|