A new Government Health IT survey sponsored by Booz Allen Hamilton found that only 56 percent of government health IT and security professionals believe their organizations are in full compliance with current security and privacy requirements, while 60 percent said they have a holistic security strategy in place.
While the privacy and security of patient health information have long been a concern of government and the healthcare industry, the growing adoption of health IT and better reporting under the HITECH Act’s expansion of HIPAA privacy and security rules have heightened security concerns.
Health data breaches in the U.S. increased 97 percent from 2010 to 2011, with an increasing concentration of protected health information (PHI) on unencrypted portable devices being one of the main culprits, according to a 2012 report on PHI Breach Analysis from Redspin, a provider of penetration testing services and IT security audits.
Ilene Yarnoff (Principal, Booz Allen Hamilton): With the rapid adoption of new mobile technologies, such as the iPhone, iPad, and Android devices, organizations face new challenges and risks, as their networks add more access points. A holistic risk management approach, rather than ad hoc process changes, is needed to meet today’s security requirements.
Nearly 80 percent of those surveyed said mobile devices will become more important to their business in the next five years, but only 53 percent said that their organization has a specific risk management plan for the loss of data or sensitive information on mobile devices.
“Until ubiquitous, interoperable, secure industry standards and protocols are approved and widely adopted on the technology side, organizations will need to implement their own security solutions that will allow them to operate securely within their enterprises,” said Natalie Givans, Booz Allen Senior Vice President.
Increasing mobile device security should be part of the broader risk management strategy for each organization. “Hospitals can implement identity and access control solutions, and overlay encryption for clinicians using mobile devices and applications within hospital walls; networks and applications can be secured and monitored to ensure only authorized staff is allowed to view particular patient data and access medical devices,” Ms. Givans said.
The Government Health IT survey, conducted from December 2011 to January 2012, polled 137 individuals from the Department of Health and Human Services, Veterans Affairs, and state and local governments.