Identity management and unauthorized data access by employees are healthcare providers' biggest security and privacy concerns, according to a new KLAS report, "Security and Privacy Perception 2014: High Stakes, Big Challenges."
Bring-your-own-device and remote security policies came in second.
The report, based on a survey of 104 healthcare providers, found no clear market leader in healthcare security services--respondents mentioned 46 different firms. However, 59 percent of respondents had used a third-party security firm in the past 18 months. The top five services that organizations sought from these companies were:
- HIPAA and Meaningful Use risk assessment
- Attack and penetration testing
- Privacy assessment
- HIPAA breach advisory services
- Mobile security advisory services
Meanwhile, 75 percent of academic medical centers said they were "prepared" or "very prepared" for an audit by the U.S. Department of Health and Human Services' Office for Civil Rights.
When those audits resume this fall, they're expected to be narrower in focus, with fewer site visits. However, privacy attorney Adam Green, who formerly worked for OCR, has warned that healthcare organizations and their business associates must maintain meticulous records in preparation for an audit.
A report from security rating firm BitSight Technology is just the latest stressing that healthcare lags other industries in security preparedness. It echoes a SANS Institute finding that compliance does not equal security.
The firing of employees at Cedars-Sinai Medical Center in California for inappropriately accessing patient records--rumored to be those of Kim Kardashian when her daughter was born--is one of the more high-profile cases of an insider privacy breach.