Survey: 26% of health IT, medical device business associates have security certification

Health industry vendors invest and maintain security certifications at lower rates that other industry vendors, according to a CORL Technologies report.

Health systems and health plans often contract with hundreds of business associates, according CORL Technologies, many of whom have access to protected health information — meaning that a security breach to a vendor could significantly impact the healthcare organization itself.

For this report, the Atlanta-based vendor security risk management solution provider analyzed 1,000 vendors from its database of more than 30,000 health industry business associates.

Here are three things to know.

1. Vendors in non-healthcare industries — such as Microsoft, Oracle, IBM and Google — have multiple certifications, including a combination of those offered by International Organization for Standardization, Federal Risk and Authorization Management Program and Service Organization Controls.

2. However, there is limited consistency in certifications for health IT and outsourced services. Only 26 percent of health IT, medical device and outsourced service business associates have a security certification, suggesting that 74 percent of these organizations are at risk for a breach.

3. The relevant certifications that are often adopted by health industry vendors include: Statement on Standards for Attestation Engagements No. 16 (24 percent), PCI (23 percent), International Organization for Standardization 27001: 2013 (19 percent) and Service Organization Controls 2 (18 percent).

More articles on health IT:
Study: Biosensors useful for personalized Lyme disease, diabetes care
Noom rolls out Spanish language app for diabetes prevention
San Francisco’s Forward unveils tech-enabled concierge medical practice: 5 things to know

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months