The use of real patient data in the development of new software and systems may be putting sensitive personal health information and personally identifiable information at risk of exposure and data breach, according to the Michigan-based Ponemon Institute, which studies privacy, data protection and information security policy.
The survey, sponsored by Informatica Corporation, a data integration software provider, polled more than 450 IT professionals in American healthcare organizations. The report found that many healthcare organizations may be exposing themselves to the risk of noncompliance with various regulations such as the Health Insurance Portability and Accountability Act (HIPAA), reports Healthcare IT News.
In the survey, more than half (51 percent) of the professionals said they do not protect patient data used in software development and testing, and 78 percent reported that they are not confident or are undecided on whether their organization could detect the theft or accidental loss of real data during development or testing.
In addition, 38 percent reported that they have had a breach involving data in a development and test environment, while 12 percent were unsure whether a breach had occurred. Fifty-nine percent of those who incurred breaches reported disruption of operations, while 56 percent faced regulatory action and 36 percent said they had suffered a loss of reputation.
With only 35 percent of respondents saying that their organizations are successful at protecting patient privacy in development and test environments, Ponemon called for greater investment in technologies such as encryption, data masking, access management, and data leak prevention to reduce the risk of data breach.