Friday, April 27, 2012

Regulatory compliance alone not protecting practices against data breaches



http://ow.ly/ayBJT

An article by Pamela Lewis Dolan posted on the amednews.com website.

This article looks at recent surveys of healthcare providers on regulatory compliance and on data security.

The article states:

"The Healthcare Information and Management Systems Society surveyed 250 senior health information technology and data security officers on behalf of Kroll Advisory Solutions, a risk-management firm whose services include data security and data-breach response. The officers reported that they were prepared to meet compliance regulations. On a scale of one to seven, with one being “not at all compliant” and seven being “compliant with all applicable standards,” respondents reported that they were an average of 6.64 in terms of meeting regulations set by the Centers for Medicare & Medicaid Services, a 6.62 for meeting HIPAA regulations, and a 6.41 for meeting state security laws.

However, evidence continues to mount that despite the compliance, health organizations, particularly physician practices, are vulnerable to data breaches. Verizon’s “2011 Data Breach Investigations Report” stated that small organizations, including physician practices, represented the largest number of data breaches in 2011. A previous Kroll report said physician practices were at risk for breaches because they are “the path of least resistance,” with basic security protections overlooked as practices focus on meeting regulatory requirements."
