A new study from HIMSS Analytics and Kroll Advisory Solutions shows that, a diligent focus on security compliance notwithstanding, healthcare providers are still badly lacking when it comes to privacy protections. In fact, data breaches have only increased in recent years.
According to the 2012 “HIMSS Analytics Report: Security of Patient Data,” increasingly stringent regulatory activity with regard to reporting and auditing procedures – and increased compliance from providers – haven’t done anything to prevent an uptick in breaches over the past six years.
The report is the third iteration of Kroll’s biannual survey of healthcare providers nationwide.
Ironically, it shows increasing confidence on the part of its respondents – which included HIM directors, compliance officers, CIOs and more – that they’re ready for data risks. On a scale of one to seven, with one being “not at all prepared” and seven being “extremely prepared,” respondents scored themselves an average of 6.40 – compared to 6.06 in 2010 and 5.88 in 2008.
But feeling like one is in adherence with policy prescriptions is not the same as actually protecting personal health information (PHI), says Brian Lapidus, senior vice president for Kroll Advisory Solutions.
“Organizations that have never dealt with one of these issues might think they’re prepared,” says Lapidus. “But when you get into the reality of actually handling the event, it becomes a whole different ballgame.”