Healthcare News & Insights

Can your hospital respond well to data breaches?

Hospitals are definitely taking data security more seriously, but are they doing enough to secure patients’ protected health information (PHI)? 

167320497A new study by the Ponemon Institute provides insight into how common breaches are and how facilities stack up when it comes to preparing for data breaches.

The study polled 567 leaders of organizations across several sectors — healthcare executives made up the second biggest group — about what steps they’ve taken to secure important data.

Preparedness issues

About 43% percent of respondents said their organization had experienced a breach involving the loss or theft of 1,000 records or more in the last year, up by 10% since 2013. Sixty percent said they had experienced more than one breach in the last two years, up from 52% last year.

Seventy three percent said their organization implemented a data breach response plan outlining what steps to take and when in the event of a breach. This was an encouraging finding since data breach plans can help facilities meet HIPAA security standards.

Unfortunately, despite the growing number of preventive measures, the quality of those response plans was questionable.

In fact, sixty-seven percent of respondents said they felt like their organization didn’t have a solid understanding of what needed to be done to minimize damages and retain consumer trust if a breach occurred.

Barriers to effective response

Ponemon’s report also addresses some of the barriers preventing effective breach response.

Facilities often make the mistake of letting breach response plans go unchanged after their creation. About 41% of respondents said their facility had no set time for reviewing and updating plans. Even more troubling, about 37% said they hadn’t reviewed their plan since it was created.

Rather than be complacent with solely meeting security compliance, hospitals need to  be more proactive in their prevention efforts by routinely reviewing and updating breach response plans.

Updating your response plan should coincide with a periodic risk analyses on your facility. That way your staff can establish what new vulnerabilities may have developed, and then tweak your security measures and response procedures accordingly.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.