SAN JOSE, Calif. - February 16, 2012 - According to a recent study of 708 IT and administrative practitioners working in organizations with 250 or fewer employees, almost all small healthcare organizations have had a data breach in the past 12 months. The Ponemon Institute study, Data Security in Small Healthcare Organizations, sponsored by MegaPath, one of the leading providers of managed data, voice, and security services in North America, concluded that the biggest threats continue to be negligent employees and the inability to meet compliance requirements.
"We found that, while a majority of respondents agree that their organizations are taking the appropriate steps to protect the privacy and rights of patients and comply with HIPAA requirements, only 31 percent believe that their management views privacy and data security as a top priority," said Dr. Larry Ponemon, Ph.D., Chairman and Founder, The Ponemon Institute. "Surprisingly, only 30 percent agree that they have adequate resources to ensure that privacy and data security requirements are met."
Massive shifts in industry regulations and technology in recent years have left most healthcare IT practitioners struggling to keep up with changing requirements, let alone get ahead of them. Electronic Medical Record (EMR) conversion initiatives, wireless network implementations and other projects have introduced significant security concerns that are compounded by an escalating security threatscape. In addition, the growing use of mobile technologies at healthcare facilities poses another threat to patient information security.
The following are some of the most significant findings from the Ponemon Institute study:
- All Patient Data is at Risk- Ninety-one percent have had at least one data breach and 23 percent say their organizations experienced at least one patient medical identity theft incident
- Unfavorable Opinions About Security Measures- Seventy percent of respondents agree that their organizations do not have or are unsure their organizations have sufficient funding to achieve proper governance, risk management and compliance requirements
- Lack of Central IT Responsibility- Thirty-five percent of respondents say no one person has overall responsibility for protecting patient health information
- Paper Trail Still Exists- Patient information is most often in paper documents as opposed to electronic storage
- Technology Controls Lag Regulation- Governance and control procedures are considered more effective than the technologies they currently use
- Lack of IT Investment Shows- Approximately half of respondents (48 percent) say less than 10 percent of their organizations' IT budget or annual IT spending is dedicated to data security technologies
"Healthcare organizations across the country face an aggressive threat landscape and strict compliance mandates that, coupled with limited IT budgets, stretch the effectiveness of their security teams and technologies," said S.L. Sweet, Director Managed Services, MegaPath. "On a daily basis we help health organizations nationwide-both large and small, meet these challenges head on by serving as a single source provider of their voice, data and managed security needs and delivering solutions that help adhere to changing industry regulations."
To download and view the full report, Data Security in Small Healthcare Organizations, or to learn about MegaPath's managed security services for the healthcare industry, visithttp://www.megapath.com/solutions/industry/healthcare/study/.
MegaPath operates one of the largest end-to-end communications networks in the country, providing both commercial and wholesale services. The company provides a full range of data, voice, and security services for small, medium, and enterprise businesses nationwide, as well as wholesale solutions to the carrier and service-provider markets through one of the largest end-to-end networks in the country. MegaPath helps businesses easily and securely communicate between their headquarters, employees, and business partners to lower costs, increase security, and enhance employee productivity. To learn more about MegaPath's managed IP data, voice, and security services, please visit www.megapath.com.