One-third of recently surveyed physician practices and 14% of surveyed hospitals do not conduct a regular security risk analysis of their electronic health information.
That's one finding from the Healthcare Information and Management Systems Society's 2010 HIMSS Security Survey, now in its third year. Intel Corp. sponsored the survey, and the Medical Group Management Association encouraged physician participation.
Results come from 272 information security professionals who participated in the Web-based survey between Sept. 10 and Oct. 8. Among the results:
- Seventeen percent of responding practices and 38% of hospitals have had at least one known case of medical identity theft;
- Two-thirds of all respondents have a plan in place to response to breaches;
- On a scale of one to seven, with seven a high level of maturity, respondents gave an average score of 4.43 for their organization's security environment;
- More than half of responding hospitals and 40% of practices use two or more types of data access controls; and
- Mobile device encryption, e-mail encryption and single-sign-on are the top planned security technologies for organizations currently without those technologies.
The full survey is available
Goedert is the news editor of Health Data Management, a SourceMedia publication.Follow EBN on:
