Even IT professionals in hospitals are concerned that their organizations aren't doing enough to safeguard electronic patient information, according to a newly released survey. The Traverse City, Mich.-based Ponemon Institute, with the support of security management firm LogLogic, reports that 61 percent of health IT practitioners doubt that their organizations have the resources to meet privacy and security requirements, while 70 percent say senior management isn't making data protection a priority.
Four in five of the 542 IT pros from large healthcare organizations report having had at least one breach of electronic health information in the past year. This is a particularly striking number because more than two-thirds of organizations represented in the survey say that at least a quarter of their patient records are electronic. "The lack of resources and support from senior management is putting electronic health information at risk," Ponemon Institute Chairman Dr. Larry Ponemon says in a written statement.
As part of the research, LogLogic, based in San Jose, Calif., conducted in-depth interviews with health IT security professionals at seven large health systems. For the most part, these people consider the new HIPAA rules brought on by the American Recovery and Reinvestment Act a good, though far from perfect, step in protecting EMR data.