As increasing numbers of hospitals migrate patient records to medical informatics systems, the need for heightened data security has become more important. However, according to the results of a study commissioned by Kroll Advisory Solutions, attitudes toward healthcare IT security may be placing sensitive information at risk, reports Information Week.
The results of the study indicate that although 89 percent of healthcare providers conduct regular security assessments, few major changes are made as a result. Researchers at the Healthcare and Information Management Systems Society (HIMSS), which conducted the study, identified a “checklist” mentality that may be exposing patient health information at risk needlessly.
“Employees at healthcare organizations touch data tens of thousands of times every day, meaning there is a lot of opportunity for data breaches to occur,” Jennifer Horowitz, senior researcher at HIMSS, told the news source. She added that healthcare providers should “have the policies and procedures in place to support a culture in which privacy and security is a top-of-mind focus for organizations.”
Horowitz said increasing pressure for hospitals to comply with federal regulations and attempts to demonstrate meaningful use of medical informatics systems are partially to blame for the checklist security mentality observed in the study. However, she added that many healthcare providers have the means to take action based on the results of security risk assessments, and should strive to do so in the future.
Although data encryption and adequate management of security permissions for healthcare IT personnel are vital to the integrity of data on a hospital’s network, misplaced or stolen hardware can also be a factor in instances of unauthorized data access.
According to eWeek, Emory Healthcare recently reported the loss of 10 backup disks containing medical records of approximately 315,000 surgical patients who received treatment between 1990 and 2007.
The disks went missing from a storage facility at Emory University Hospital in Atlanta, Georgia. Officials from the facility claim the hospital’s healthcare IT network was not hacked or illegally accessed.