E-Health Records: Privacy Diagnosis Poor

A new survey shows 80 percent of health care organizations reported a data breach within the last year. Perhaps even more disturbing, IT professionals claim management support to protect patient privacy as a priority is lacking.

The vast majority of health care organizations experienced at least one incident of lost or stolen electronic health information in the past year, and 4 percent had more than five patient data breaches, according to a new survey by LogLogic and the Ponemon Institute. Of the 80 percent that reported a data breach, more than two-thirds had already digitized at least a quarter of their patient records and a third had digitized more than half.
In addition to the privacy breaches, the survey revealed that IT practitioners don't believe they have management support to protect patient privacy as a priority, with 70 percent saying senior management does not view privacy and data security as a priority. More than half (53 percent) say their organization fails to take appropriate steps to protect the privacy rights of patients, while less than half judge their existing security measures as effective or very effective.
"The majority of IT practitioners in our study don't believe that their organizations have adequate resources to protect patients' sensitive or confidential information," Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, said in a statement. "The lack of resources and support from senior management is putting electronic health information at risk."
In addition to the Ponemon Institute study, LogLogic also surveyed health care IT security professionals about their role as the last line of defense in protecting patient privacy to understand how they balance the benefits of electronic medical records while also instituting practices and technology solutions to guard patient confidentiality. Survey respondents said that the new HIPAA (Health Insurance Portability and Accountability Act) rules, while not a perfect security solution, are a good start in improving the protection of electronic patient records.

The new HITECH (Health Information Technology for Economic and Clinical Health) Act offers billions of dollars in federal assistance to encourage adoption of electronic health record systems.