E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: eSecurity Planet

Posted on November 23, 2010

Data breaches at U.S. healthcare organizations cost providers more than $6 billion a year, and despite this expensive and embarrassing revelation, the vast majority of hospitals and clinics still lack both the inclination and the resources to make protecting patient data a priority.

The findings, detailed in a new report sponsored by security software provider ID Experts and privacy and data protection research firm Ponemon Institute, were derived from interviews with 211 senior managers at 65 U.S. healthcare organizations.

The study found that the average healthcare organization incurred 2.4 significant data breaches in the past two years, at a cost of more than $2 million per organization. The most common factors resulting in these costly incidents are unintentional employee action, lost or stolen computing devices, and third-party error.

"Our research shows that the healthcare industry is struggling to protect sensitive medical information, putting patients at risk of medical identity fraud and costing hospitals and other healthcare services companies millions in annual breach-related costs," Larry Ponemon, founder of the Traverse, Mich.-based security research firm, wrote in the report.

Despite the 2009 enactment of the HITECH Act, legislation included in the federal stimulus bill that gives regulatory agencies the teeth to enforce the security and privacy components of previously passed HIPAA regulations and standards, healthcare providers still aren't doing enough to safeguard patient records.

In fact, according to the study, most aren't even making patient privacy and data security a priority. Seventy percent of hospitals said that protecting patient data is not a top priority, and 67 percent reported having fewer than two staff members dedicated to data protection management.

Fifty-eight percent of respondents said they have "little or no confidence" in their ability to adequately protect patient records, and 71 percent admitted they have inadequate resources to implement the technology and procedures required to lock down millions of individual patient files.

A similar study released in August by security software vendor Imprivata found that most healthcare providers are more concerned with converting reams of paper records to electronic medical records than spending the money and investing the personnel required to prevent data breaches.

"At this point, one would hope to see that healthcare organizations have improved information security practices and come into compliance with HITECH, now that it's been more than one year since it was enacted," Ponemon said. "Instead we found enormous vulnerabilities. The protection of patient data should be at the forefront of their efforts."

Along those lines, 71 percent of senior managers queried said they didn't think the HITECH Act regulations have significantly changed the management practices of patient records.

In an effort to hold hospitals and others responsible for patient data accountable for their lax security practices, some states are handing out stiff fines for repeated security failures.

In June, the California Department of Public Health fined five hospitals a total of $675,000 for failing to secure patient data.

"We talk with healthcare compliance people dealing with data breach risks every day and they just can't get their arms around the problem of data exposure," Rick Kam, president and co-founder of ID Experts, said in the report. "Unfortunately, in healthcare organizations, patient revenue trumps risk management."


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
