Data Breaches Reported at 71 Percent of Health Care Companies in the Past Year: ReportBy Channel Insider Staff | Posted 2011-09-09 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Nearly three-quarters of health care firms reported data breaches in the last year, with snooping staffers mostly to blame, according to a survey by data analytics vendor Veriphyr.
A new study by Veriphyr, a software-as-a-service data analytics application provider, found that 71 percent of health care organizations have suffered at least one data breach within the past year.
Veriphyr offers data-analytics software that allows medical practices to view logs showing who has accessed patients' medical records.
Insider peeks were responsible for most of the breaches, the company reports. Of the breaches reported in the survey, 35 percent involved snooping into medical records of co-workers, and 27 percent involved viewing records of friends and relatives.
Of the 90 health care IT managers Veriphyr surveyed in its Web-based poll, 52 percent believed their health care facility lacked adequate tools to monitor inappropriate access to personal health information. Veriphyr released its report, entitled "Veriphyr's 2011 Survey of Patient Privacy Breaches," on Aug. 31. It includes results of its survey of compliance and privacy officers at mid- to large-size hospitals and health care service providers.
Under HIPAA rules, hospitals must have at least one compliance officer, or privacy officer, to monitor proper access to records.
Of the incidents reported, 25 percent involved loss or theft of physician records and 20 percent were loss or theft of equipment holding personal health data.
The study found that 79 percent were "somewhat concerned" or "very concerned" that existing processes do not enable prompt detection of health data breaches. Still, 80 percent of those surveyed believed that top management would act on their recommendations to comply with security requirements and 74 percent were satisfied with their organization's level of IT compliance and security.
Meanwhile, 52 percent of respondents were dissatisfied with their organization's IT tools to track inappropriate access to sensitive personal health information. The more data breaches respondents reported, the more they were dissatisfied with their company's IT tools.
The results of the survey show that a narrow line exists between what is a medical necessity to access the information and what is simply snooping out of curiosity.
"The issue in health care is that information about you in the hospital needs to be available to anyone who will give you care," Alan Norquist, Veriphyr's CEO, told eWEEK. "Access to health care information is available broadly."
To read the original eWeek article, click here: 71 Percent of Health Care Companies Suffer Data Breaches in Past Year: Report