70% of small providers can’t afford to protect patient data
Keeping electronic patient data safe from security attacks is a challenge for all healthcare organizations, but it’s especially difficult for smaller providers that often have a harder time finding the resources to improve security.
Those organizations often struggle to get their security plans up to par, according to a recent report from the Ponemon Institute, “Data Security in Small Healthcare Organizations.”
The size of those providers doesn’t seem to make them any less of a target for data thieves, as 91% have suffered a data breach, and 23% have had a medical identity theft incident after information was stolen, according to the survey of 708 healthcare organizations with no more than 250 employees.
While the organizations surveyed take steps to protect data, they’re severely limited by budgetary concerns. Only 30% said they have the resources they need to make sure security and privacy requirements are met.
That means those providers often don’t have access to the same security tools or personnel that can help protect data at larger organizations.
However, there are some steps smaller providers can take to improve their information security, such as:
- Get management on board — Just 31% of respondents said their organization’s owners and management view privacy and security as a top priority. IT can help reverse that trend by showing those decision makers how security investments pay off, such as by avoiding costly breaches and fines and improving patient trust.
- Get doctors on board — Lack of clinician support was the top barrier to improving security, cited by 74% of respondents. Explain to doctors that protecting patient data should be part of their jobs.
- Train employees — Negligent employees with access to sensitive data were ranked as the top security threat in the organization by 48% of respondents. Employees should not only be told how to keep data secure, but they also need to understand the consequences of not following security procedures.
- Put someone in charge — 35% said no one person has overall responsibility for protecting patients’ health information. Having one person or a group that’s held accountable for data protection could help keep security plans from slipping through the cracks amid everything else healthcare organizations must deal with.
- Who’s liable after patient data is breached?
- Experts predict more lawsuits, data breaches against healthcare providers in 2012
- Study: Providers want health information exchanges, but lack budgets to deploy them
- 5 ICD-10 tasks providers should have finished by now
- Help doctors use social networking safely: 3 keys
Below are a few free resources you may find useful.