Healthcare News & Insights

The health IT security mistake many organizations make

A recent survey shows that while most healthcare organizations are doing a good job protecting the security of electronic patient information, there are still some that lag behind.

Nearly three-quarters (74%) of organizations conduct a regular security risk analysis to determine potential threats to patient data, according to the 4th Annual HIMSS Security Survey, a recent report by the Healthcare Information and Management Systems Society.

Of course, having a majority of organizations perform those assessments is a good thing – but it also means 26% aren’t assessing their own security vulnerabilities, which could lead to lost or stolen data down the line.

Those that do conduct security assessments are finding them useful – 83% say it helps them determine what security controls to put into place. Assessments are most often conducted once a year (as reported by 49% of organizations), with another 21% performing them every two years, and 8% doing them every six months.

The survey also found that organizations are using a variety of security tools to protect patient data. The most common tools are:

  1. Firewalls (used by 99% of respondents)
  2. User access controls (94%)
  3. Audit logs to record when patient records are accessed and by whom (83%)
  4. Off-site storage (76%)
  5. Disaster recovery tools to prevent lost records (75%)

To read more about healthcare organizations’ security strategies, download the full HIMSS report here.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.

css.php