Hospitals and health organizations need to be more proactive about preventing health data breaches, concluded the authors of the recently released "2012 HIMSS Analytics Report: Security of Patient Data." The report said most facilities are too wrapped up in compliance issues to focus on keeping patient data protected.
"While increased regulation and better-articulated guidance have led to increases in privacy and security measures within hospitals, they also have contributed to a false sense of security within organizations that comply with these mandates," the report's authors wrote. "Despite the increase in the number of breach incidents reported, most hospitals continue to believe that if they are more prepared, they are more secure."
Of 250 patient data experts surveyed by Kroll Advisory Solutions, which commissioned the report, 27 percent indicated that they had experienced a data breach at their organization during the past 12 months; 18 percent didn't know if a breach had affected their organization.
What's more, only one-fourth of respondents who reported that they were affected by a breach said the breach was cause for an update to their facility's security policy. A vast majority of respondents (73 percent) said that updates to their security plans were based solely on changes to overarching policies such as HIPAA.
"Security practices in place continue to overemphasize a 'checklist' mentality for compliance without implementing more comprehensive and sustainable changes needed for meaningful improvements in the day-to-day handling" of patient data, the authors wrote.
The report's release, oddly enough, coincides with news that a Medicaid data breach in Utah compromised information for 800,000 citizens, including Social Security numbers for 280,000 Utahns. Additionally, a class-action lawsuit recently was filed against Orange, Calif.-based St. Joseph Health System over a breach that allowed data of nearly 32,000 patients to be searchable online, the Press Democrat reported this week.