4 Top Vulnerabilities Affecting PHI Security

A new study by the Ponemon Institute identified the top vulnerabilities of healthcare organizations concerning protected health information.

1. Employee negligence. Human error was the biggest vulnerability in protected health information, according to the study. Seventy-five percent of healthcare organizations surveyed reported employee negligence as their biggest worry. The organizations surveyed were most concerned about the employee negligence that could occur from the improper use of mobile devices while on the job. Although 88 percent of the organizations permit employees and medical staff to use their own mobile devices to connect to the organization's networks, 38 percent of the organizations do not take any steps to secure the employees' mobile devices or prevent them from accessing sensitive information.

2. Security gaps with business associates. Healthcare organizations are increasingly reliant on business associates for IT services, claims processing, benefits management and other services, yet 40 percent of the organizations surveyed are not confident that their business associates would be able to properly detect and report a data breach, and only 30 percent of organizations are confident their business associates are appropriately safeguarding patient data as required under the HIPAA Final Rule.

3. Criminal threats. "The latest trend we are seeing is the uptick in criminal attacks on hospitals, which have increased a staggering 100 percent since the first study four years ago," said Larry Ponemon, MD. Cybercriminals are constantly changing and revising their tactics, and staying ahead of the criminal threat is a major challenge for healthcare organizations.

4. Inadequate security surrounding EMRs. The study identified vulnerabilities in protected health information concerning electronic medical records. Nearly 70 percent of the healthcare organizations surveyed believe that the use of EMRs has increased the risk of millions of patients' personal information being compromised due to inadequate security.

 More Articles on Protected Health Information:

8 Top Motivations Behind Intentionally Compromised PHI 
County Pays $215k to Settle Data Breach Claims With HHS
OIG's 2014 Work Plan to Focus on PHI on Networked, Portable Devices 

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars