Health Care Organizations Slow to Adopt Data Security Measures: PwC

By CIOinsight  |  Posted 09-26-2011

Consulting firm PwC's Health Research Institute has come out with a report revealing that health organizations are underprepared to secure patient medical information.

The report, "Old Data Learns New Tricks: Managing Patient Privacy and Security on a New Data-Sharing Playground," shows that despite advances in electronic health records (EHRs) software and security technology, health care organizations have yet to adopt privacy measures on a large scale.

For the survey, PwC interviewed 600 executives from hospitals, physician practices, health insurers and pharmaceutical and life science companies.

Only 58 percent of providers and 41 percent of health insurers train employees on privacy measures for EHRs, PwC reports.

Health care companies are underprepared because they've underinvested in IT and focused on legal and regulatory compliance under HIPAA instead, according to James Koenig, director and co-leader of the health information privacy and security practice at PwC.

"Now that there are law changes and IT changes to stimulate electronic health records, now's the time for these organizations to address and to mature their environment," Koenig told eWEEK.

EHRs are both an enabler of IT progress but a risk concern as far as data privacy, according to Koenig.

"By maintaining the larger databases, you increase the amount of information that could be at risk by pursuing these paths, and by maintaining privacy and security, the rewards of increase patient care and quality and cost-effectiveness are enabled because this data hasn't been available or aggregated for analysis previously," he explained.

Despite health care organizations being underprepared, advances in access controls, encryption and monitoring related to EHR application development are happening faster than in other industries, Koenig said.

"Surprisingly, an industry that had been in many cases behind the curve in terms of investment in this area, now, because of the law and new uses and sharing of information, some of the latest innovations are coming from health care as opposed to financial services--so it's an interesting change," he said.

PwC announced the results of its survey on Sept. 22.

A big security issue for respondents was insiders improperly accessing health data. Over the last two years, 40 percent of providers surveyed reported a breach due to insider snooping or sharing of information. These incidents can include chatting in an elevator or through social media.

In addition, health care organizations are grappling with how to handle security on mobile devices such as iPads, with 55 percent of respondents of health care firms not formulating plans for security on mobile devices.


To read the original eWeek article, click here: Health Care Organizations Underprepared to Secure Patient Data: PwC