With healthcare data breaches being reported on a seemingly regular basis, it should come as no surprise that the issue of health data privacy is commonly brought to the forefront of industry discussion. More providers are integrating EMRs and creating BYOD and mobile device policies, and even patients are becoming more involved in how their information is used.
But will health data privacy and security still be as large a problem in 2016? It may be too soon to say for sure, but a recent survey indicates that while the cause of the majority of health data breaches is changing, organizations still need to remain aware of potential issues.
The 2015 Privacy & Security Survey by ID Experts found that nearly 60 percent of individuals surveyed believe that employee negligence is their biggest privacy and security threat. Cyber criminals or hackers were listed as the second largest issue, cited by approximately 25 percent of respondents.
More than one-third of those surveyed also said that up to 25 percent of their security incidents involved PII or PHI, while approximately 25 percent reported that 50 to 74 percent of data security incidents involved PII or PHI.
The survey also showed healthcare is believed to still be a top target in 2016. While 2015 has been dubbed the year of the “Healthcare Hack,” according to the report, over 50 percent of respondents said that healthcare will be at the most risk in 2016. Energy & Utility, Government, and Finance were the next industries believed to be at the most risk, the survey showed.
ID Experts also discussed how organizations are going to approach protecting against potential data threats. The survey stated that just over 40 percent of respondents reported that their privacy budget would increase up to 25 percent next year, while approximately one-third said that their organization’s privacy budget would not change at all.
Another privacy survey that was conducted by ISACA indicated that organizations may not be doing enough to protect consumer information. For the survey, ISACA gathered responses from 780 individuals in various sectors, including healthcare or medical, financial or banking, and technology services.
A lack of training, or poor training, was the most common privacy failure in an organization, according to respondents. Over half of those interviewed listed this as the most common privacy failure, while approximately 48 percent reported that a data breach or leakage, as well as not performing a risk analysis, were also top issues.
“Training is critical to a successful privacy program,” the report explained. “Ensuring that employees are informed on the importance of data security, the consequences of a privacy breach, and how to avoid sharing of confidential and insider information can make a significant contribution toward developing a positive ‘compliance culture’ within the enterprise.”
However, the survey also showed that approximately 75 percent of respondents said that their organization mandates privacy policies, procedures, standards and other management approaches. Just 19 percent of those interviewed said that such practice is “recommended.”
“This finding is a reflection of good practice because written policies and procedures should be at the heart of every enterprise, regardless of size,” according to the report. “Only having formal, documented policies and procedures is not enough; they must also be verified periodically to ensure that they are operating effectively.”
Title: Will Health Data Privacy, Security Issues Improve in 2016?
Source: news from Healthcare Privacy
Author: KI Design Magazine