New Survey Highlights Security Risks Facing Health IT and Security Professionals

MCLEAN, Va., Feb 21, 2012 (BUSINESS WIRE) -- A new Government Health IT survey sponsored by Booz Allen Hamilton found that only 56 percent of government health IT and security professionals believe their organizations are in full compliance with current security and privacy requirements, while 60 percent said they have a holistic security strategy in place.

While the privacy and security of patient health information have long been a concern of government and the healthcare industry, the growing adoption of health IT and better reporting under the HITECH Act's expansion of HIPAA privacy and security rules have heightened security concerns.

Health data breaches in the U.S. increased 97 percent from 2010 to 2011, with an increasing concentration of protected health information (PHI) on unencrypted portable devices being one of the main culprits, according to a 2012 report on PHI Breach Analysis from Redspin, a provider of penetration testing services and IT security audits.

"With the rapid adoption of new mobile technologies, such as the iPhone, iPad, and Android devices, organizations face new challenges and risks, as their networks add more access points," said Ilene Yarnoff, Principal, Booz Allen Hamilton. "A holistic risk management approach, rather than ad hoc process changes, is needed to meet today's security requirements."

Nearly 80 percent of those surveyed said mobile devices will become more important to their business in the next five years, but only 53 percent said that their organization has a specific risk management plan for the loss of data or sensitive information on mobile devices.

"Until ubiquitous, interoperable, secure industry standards and protocols are approved and widely adopted on the technology side, organizations will need to implement their own security solutions that will allow them to operate securely within their enterprises," said Natalie Givans, Booz Allen Senior Vice President.

Increasing mobile device security should be part of the broader risk management strategy for each organization. "Hospitals can implement identity and access control solutions, and overlay encryption for clinicians using mobile devices and applications within hospital walls; networks and applications can be secured and monitored to ensure only authorized staff is allowed to view particular patient data and access medical devices," Givans said.

The Government Health IT survey, conducted from December 2011 to January 2012, polled 137 individuals from the Department of Health and Human Services, Veterans Affairs, and state and local governments.

The full survey, and accompanying white paper, "Achieving Cyber Health: Building a Strategy for Successful Healthcare Transformation," were released during the 2012 Healthcare Information and Management Systems Society (HIMSS) Annual Conference and Exhibition in Las Vegas, NV. For more information, please visit www.boozallen.com/health.

About Booz Allen Hamilton

Booz Allen Hamilton (www.boozallen.com) is a leading provider of management and technology consulting services to the U.S. government in defense, intelligence, and civil markets, and to major corporations, institutions, and not-for-profit organizations. Booz Allen is headquartered in McLean, Virginia, employs more than 25,000 people, and had revenue of $5.59 billion for the 12 months ended March 31, 2011.

SOURCE: Booz Allen Hamilton

Booz Allen Hamilton
Carrie Lake, 703-377-7785
