Threat of medical identity theft high for small healthcare organizations


More than 90 percent of small healthcare organizations have had a data breach in the past 12 months, according to research conducted by The Poneman Institute. The study, Data Security in Small Healthcare Organizations, which surveyed 708 IT and administrative practitioners working in organizations with 250 or fewer employees, concluded that the biggest threats to security continue to be negligent employees and the inability to meet compliance requirements.

"We found that, while a majority of respondents agree that their organizations are taking the appropriate steps to protect the privacy and rights of patients and comply with HIPAA requirements, only 31 percent believe that their management views privacy and data security as a top priority," said Larry Ponemon, PhD, chairman and founder of The Ponemon Institute. "Surprisingly, only 30 percent agree that they have adequate resources to ensure that privacy and data security requirements are met."

Electronic medical record conversion initiatives, wireless network implementations and other projects have introduced significant security concerns that are compounded by escalating security threats, the study noted. In addition, the growing use of mobile technologies at healthcare facilities poses another threat to patient information security.

The study report also included the following significant findings:

  • Unfavorable opinions about security measures. Seventy percent of respondents agree that their organizations do not have -- or are unsure their organizations have -- sufficient funding to achieve proper governance, risk management and compliance requirements.
  • Lack of central IT responsibility. Thirty-five percent of respondents say no one person has overall responsibility for protecting patient health information.
  • Paper trail still exists. Patient information is most often in paper documents as opposed to electronic storage.
  • Technology controls lag regulation. Governance and control procedures are considered more effective than the technologies they currently use.
  • IT investment is insufficient. Approximately half of respondents (48 percent) say less than 10 percent of their organizations' IT budget or annual IT spending is dedicated to data security technologies.

MegaPath, a provider of managed data, voice and security services, sponsored the research. Click here to download and view the full report.

Add new comment