Kroll Advisory Solutions recently released the 2012 HIMSS Analytics Report: Security of Patient Data, which found that the frequency of healthcare data breaches has increased steadily over the past six years.
"The survey ... asked chief information officers, health information managers, chief privacy officers and chief security officers working at 250 hospitals and medical centers about the number of data breaches they knew about over the past 12 months," writes Network World's Ellen Messmer. "The survey found 27 percent of the respondents had at least one security breach over the past year, up from 19 percent in 2010 and 13 percent in 2008."
"Human error by employees was a major factor in health breaches, according to respondents," writes eWeek's Brian T. Horowitz. "Of the respondents, 79 percent said security breaches were initiated by an employee, and 56 percent said breaches occurred because employees had unauthorized access to information."
"Another significant takeaway is that mobile devices might be great for giving clinicians information at the point of care -- but they're not so good at keeping PHI safe," writes Healthcare IT News' Mike Millard. "Nearly a third (31 percent) of respondents indicated that information available on a portable device was among the factors most likely to cause a breach (up from 20 percent in 2010 and four percent in 2008)."
"What's more, only one-fourth of respondents who reported that they were affected by a breach said the breach was cause for an update to their facility's security policy," writes FierceHealthIT's Dan Bowman. "A vast majority of respondents (73 percent) said that updates to their security plans were based solely on changes to overarching policies such as HIPAA."
"When it comes to long-term prevention of data security incidents, it appears that the healthcare industry is not taking its own medicine," Kroll senior vice president Brian Lapidus said in a statement. "There’s no question that HIPAA, HITECH and Red Flags have raised the base standard for protecting patient data, but combating the industry’s biggest security threats requires the essential combination of compliance and sound security measures. It’s like nutrition and exercise as the dynamic duo of weight loss. The magic happens when the two overlap."