Healthcare News & Insights

Survey: Security is not a top priority for healthcare organizations

To protect health information, providers must have support for information security throughout the entire organization. However, that’s not how it works in most places, according to a recent survey. 

Security is not a top priority for healthcare providers, according to a recent survey from Core Health Technology. Of the 1,350 health IT pros surveyed, just 2% said information security was one of their organization’s top three priorities. That’s despite the fact that 71% of respondents said that security is integral to their organization’s health IT goals and priorities.

Health IT pros are certainly worried about security, even if the rest of the organization isn’t — when asked what issues kept them up at night, 32% said information security, making that the top response out of all the options.

IT departments should do their best to get the rest of their organizations concerned about security, too. As more health information becomes electronic, providers are at a greater risk of IT security incidents compromising protected health information. Recently, several healthcare organizations have suffered serious data breaches and even HIPAA fines due to negligent handling of electronic medical information.

Of course, it’s difficult to prevent those incidents from happening without funding and support from the rest of the organization. Here are some steps health IT pros can take to help make security more of a priority:

  • Put a price on it — IT can help the organization’s leaders think about how much information security is worth by helping them understand all the costs of a data breach. That includes not just the clean-up costs after an incident, but also potential compliance fines, legal fees, reputation damage, etc. Giving examples of recent breaches and how much they cost can help.
  • Conduct an in-house security test — IT pros often face leaders and others who have the attitude that a security breach won’t happen to them or their organization. But IT can change that line of thinking by conducting simulated security attacks — for example, sending emails with suspicious links or attachments — and seeing if anyone falls for them. If anyone does, it could be the wake-up call the organization needs.
  • Give training people can relate to — In addition to winning organizational support, it’s important that average staffers also care about security, since they’re the ones on the front lines. To do that, IT can include information in training sessions about how people can help keep their own medical information safe. That will help keep security at the top of their minds.
