Are healthcare organizations doing a good job of complying with HIPAA and ensuring the privacy and security of patient data?
According to the 2015 Healthcare Information Security Today Survey, published today, an overwhelming majority of respondents, 79 percent, were confident or very confident their organization would “pass” a Department of Health and Human Services HIPAA compliance audit. That indicates they believe they’re making all the right moves.
But are they really?
While the forty-page survey confirms that most organizations are fulfilling the requirements of HIPAA and the HITECH Act, some organizations still have a number of concerns regarding the security of protected health information (PHI). In fact, 21 percent of survey respondents said they were unsure if they would pass an Office for Civil Rights audit. One of the bigger surprises was that only 56 percent of organizations apply encryption to mobile devices, leaving the other 44 percent of organizations exposed. It’s a surprise given that lost and stolen unencrypted devices have consistently been a culprit in HIPAA breaches reported to the U.S. Department of Health & Human Services (the U.S. department that manages the Office for Civil Rights). In fact, the growing use of mobile devices, including BYOD, is cited as the second largest security threat faced by organizations, as shown in the above chart. However, according to the survey, the largest security threat is believed to be business associates taking inadequate security precautions to protect PHI.
This survey should serve as an eye-opener for organizations, helping them better prepare for audits and for potential security threats to PHI sent via email and mobile devices. A good place to start would be identifying the right solutions to safeguard the transfer of PHI via any vehicle.
Full results from the 2015 Healthcare Information Security Today Survey can be accessed here.