Four out of five healthcare IT pros had at least one data breach last year

October 22, 2009 — 12:28pm ET | By Neil Versel

Tools

Tags
Security Breach
Health Insurance Portability and Accountability Act
LogLogic
Ponemon Institute
Electronic Medical Records
American Recovery and Reinvestment Act
Security
Privacy

Even IT professionals in hospitals are concerned that their organizations aren't doing enough to safeguard electronic patient information, according to a newly released survey. The Traverse City, Mich.-based Ponemon Institute, with the support of security management firm LogLogic, reports that 61 percent of health IT practitioners doubt that their organizations have the resources to meet privacy and security requirements, while 70 percent say senior management isn't making data protection a priority.

Four in five of the 542 IT pros from large healthcare organizations report having had at least one breach of electronic health information in the past year. This is a particularly striking number because more than two-thirds of organizations represented in the survey say that at least a quarter of their patient records are electronic. "The lack of resources and support from senior management is putting electronic health information at risk," Ponemon Institute Chairman Dr. Larry Ponemon says in a written statement.

As part of the research, LogLogic, based in San Jose, Calif., conducted in-depth interviews with health IT security professionals at seven large health systems. For the most part, these people consider the new HIPAA rules brought on by the American Recovery and Reinvestment Act a good, though far from perfect, step in protecting EMR data.

For more on this survey:
- check out this Healthcare IT News story
- download a copy of the study (reg. req.)