The Second Annual Benchmark Study on Patient Privacy & Data Security was just released by Ponemon Institute, a privacy and security research firm based in Traverse City, Mich.
Some of the findings are surprising, if not shocking, given the attention and legislation put in place to deal with this topic. Lip service? One is really left to wonder.
The Data
When looking at the data, let’s also keep in mind that the survey targeted data protection professionals, with 43% of respondents holding the title of chief security officer, chief information security officer, chief information officer, chief privacy officer or chief compliance officer. Additionally, the sample was skewed toward larger healthcare organizations, “excluding the plethora of very small provider organizations, including local clinics and medical practitioners,” the report said.
There’s a lot of interesting (and highly disturbing) data in the report, but I’ll focus on only a few highlights according to healthcare organizations responding to the survey:
1. 96% have had at least one data breach in the past 24 months. On average organizations have had 4 data breach incidents during the past two years. Breaches increased 32% from the previous year. (96%? Does that not sound a lot like 100%?)
2. The top 3 causes for a data breach are:
- lost or stolen computing devices
- third-party snafu
- unintentional employee action
- 66% agree medical billing personnel do not understand the importance of patient data protection
- 58% say IT personnel do not understand its importance
- In contrast, 58% say administrative personnel do understand the importance of protecting patient data.
- Only 29% of respondents agree that the prevention of unauthorized access to patient data and loss or theft of such data is a priority in their organizations
- Less than one-fourth (23%) said their organization has “encryption solutions installed.”
Email Encryption – a minimum in healthcare prevention for breach of patient data and privacy
Let’s focus for a moment on the last piece of data shown in 4(2) above. Less than one-fourth (23%) said their organization has “encryption solutions installed.” This also means that healthcare organizations are not using email encryption (secure email) to communicate patient information securely, which also ties into third-party snafus as one of the top reasons for patient breaches. It seems that email encryption and secure communication should be at the top of the priority list as one of the first steps in securing patient information.
The report cites the following types of compromised patient data:
- Medical file
- Billing and insurance record
- Scheduling details
- Prescription details
- Payment details
- Monthly statements
Email2 provides straightforward secure email encryption, data leak prevention, and e-statement solutions for the healthcare industry using the same security technology as internet banking.
Email2 enables healthcare organizations to securely send, receive, track and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.