
U.S. hospitals have security 'blind spot'


A new study confirms what many health IT administrators already know--that hospitals aren't doing a great job when it comes to investing in security. The study, which was commissioned by risk consulting firm Kroll Fraud Solutions and published by HIMSS, concluded that hospitals' focus on medical privacy and compliance has distracted them from the threat of patient identity theft and other data breaches. While HIT administrators are very familiar with HIPAA, and eager to meet its privacy provisions, their HIPAA compliance measures won't do much to prevent fraud or malicious hacking, the study noted.

In addition, hospitals aren't being reminded as often as they should be that their peers are having security problems that could affect them, too. The HIMSS study noted that many data breaches don't get reported, given that there are no firm rules in place requiring such disclosures.

Even worse, HIT leaders and their peers may be ignorant as to just how expensive a malicious data breach can be--despite the fact that the average cost of such a breach generally is estimated at nearly $200 per record and $6.3 million per incident.

To learn more about the study:
- read this Healthcare IT News piece
- register and download the original report

Related Articles:
More hospital data security breaches
Hospitals face ID security holes
HIMSS08: IT execs ready to lock down security

Comments

I determined this week that a certain HMO probably does not have an automated audit trail related to their pharmacy system. Specifically, I asked the pharmacist if his password/code would be captured so that an electronic audit would show that he in fact had been reviewing my personal EHR and the response was no. I don't wish to take this HMO off the hook completely for this breach even if this may be an "older" pharmacy system. Since the HMO has an overall well-known EHR working system, it seems odd that there would be no electronic audit related to the "viewing", "peeking at" patient's information when it comes to patient's medications. I spoke with a solid PharmD who was a manager, not a pharmtech.
