Security Slideshow: Electronic Medical Records: No Vaccine Against Breaches

By Bob Violino  |  Posted 11-15-2010

Electronic Medical Records: No Vaccine Against Breaches

Multiple breaches29% of respondents say their organizations have had more than five data breaches in the past two years.

Electronic Medical Records: No Vaccine Against Breaches

Electronic Medical Records: No Vaccine Against Breaches - Page 2

2.4The average number of data breach incidents per healthcare facility over the past two years? 2.4

Electronic Medical Records: No Vaccine Against Breaches  - Page 2

Electronic Medical Records: No Vaccine Against Breaches - Page 3

61%61% of data breach incidents involve fewer than 100 records.

Electronic Medical Records: No Vaccine Against Breaches  - Page 3

Electronic Medical Records: No Vaccine Against Breaches - Page 4

Lack of notification38% of respondents say no patients were notified of data breaches.

Electronic Medical Records: No Vaccine Against Breaches  - Page 4

Electronic Medical Records: No Vaccine Against Breaches - Page 5

Cause of Breaches (% respondents)Unintentional employee action (52%)Lost/ stolen computing devices (41%)Third-party problems (34%) Technical system glitches (31%).

Electronic Medical Records: No Vaccine Against Breaches  - Page 5

Electronic Medical Records: No Vaccine Against Breaches - Page 6

47%47% of respondents say employee detection is the primary way data breaches are discovered.

Electronic Medical Records: No Vaccine Against Breaches  - Page 6

Electronic Medical Records: No Vaccine Against Breaches - Page 7

Confidence CrisisRespondents say they have little (35%) or no (23%) confidence that their organization has the ability to detect all patient data loss or theft. Only 11% say they are very confident.

Electronic Medical Records: No Vaccine Against Breaches  - Page 7

Electronic Medical Records: No Vaccine Against Breaches - Page 8

13%Only 13% of respondents say their ability to resolve a data breach incident is immediate or within one week; 37% say it took six months or longer to resolve the incident.

Electronic Medical Records: No Vaccine Against Breaches  - Page 8

Electronic Medical Records: No Vaccine Against Breaches - Page 9

Staff shortfall28% of respondents say they have no staff dedicated to managing data protection activities. Thirty-five percent say they have fewer than two dedicated staff members.

Electronic Medical Records: No Vaccine Against Breaches  - Page 9

Electronic Medical Records: No Vaccine Against Breaches - Page 10

Ad hoc processesThe process for preventing and detecting data breach incidents is "ad hoc," according to 35 percent of respondents.

Electronic Medical Records: No Vaccine Against Breaches  - Page 10

Electronic Medical Records: No Vaccine Against Breaches - Page 11

Technology and policiesOnly 16% of respondents say their data breach protection process relies on security technologies; 23% say it relies on policies and procedures.

Electronic Medical Records: No Vaccine Against Breaches  - Page 11

Electronic Medical Records: No Vaccine Against Breaches - Page 12

Who's in charge? (% respondents) Compliance department (34%)IT (12%)IT security team (11%)No single person/department (23%)

Electronic Medical Records: No Vaccine Against Breaches  - Page 12

Electronic Medical Records: No Vaccine Against Breaches - Page 13

Why breaches occur? (% respondents) Inadequate budget for security and privacy (51%)Lack of trained staff and end users (49%).

Electronic Medical Records: No Vaccine Against Breaches  - Page 13

Electronic Medical Records: No Vaccine Against Breaches - Page 14

56 percent56 percent of respondents say they need help to assess their risks and procedures to make sure they are compliant with security standards.

Electronic Medical Records: No Vaccine Against Breaches  - Page 14

Electronic Medical Records: No Vaccine Against Breaches - Page 15

Big losses23% of respondents say data breaches over the past two years cost their organization between $1 million and $10 million.

Electronic Medical Records: No Vaccine Against Breaches  - Page 15

Electronic Medical Records: No Vaccine Against Breaches - Page 16

What's the harm to patients? (% respondents)Personal health facts will be disclosed (61%)Increased risk of financial identity theft (56%)Increased risk of medical identity theft (45%)

Electronic Medical Records: No Vaccine Against Breaches  - Page 16