New Study: Electronic Health Information Security A Problem In U.S. Too
From Reuters comes word of a new survey of health information technology professionals that paints a sobering portrait of the state of health information security here in the U.S.:
According to the October 2009 Ponemon report, Electronic Health Information at Risk: A Study of IT Practitioners, 80 percent of healthcare organizations surveyed had experienced at least one incident of lost or stolen electronic health information in the past year - four percent had more than five patient data breaches. More than two-thirds of these healthcare organizations had already digitized at least a quarter of their patient records and a third had digitized more than half.
Electronic medical records promise to improve patient quality of care and safety - as well as reduce costs - but the study showed that IT practitioners don`t believe they have management support to protect patient privacy as a priority.
According to survey respondents:
- 70 percent say senior management does not view privacy and data security as a priority;
- 53 percent say their organization fails to take appropriate steps to protect the privacy rights of patients while less than half judge their existing security measures as "effective or very effective"
- The average cost of a data breach, per patient record, exceeded $210 per compromised record, creating an opportunity for organized computer crime rings to traffic in stolen medical records.
"The majority of IT practitioners in our study don`t believe that their organizations have adequate resources to protect patients` sensitive or confidential information," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. "The lack of resources and support from senior management is putting electronic health information at risk."
The study, sponsored by LogLogic and independently conducted by the Ponemon Institute, surveyed 542 senior IT practitioners from healthcare organizations with an average of more than 1,000 employees about how secure they believe electronic patient medical records are.
Clearly, maintaining the security of electronic protected health information (ePHI) is a global problem.