April 14, 2012, 7:50 AM — A bi-annual survey of 250 healthcare organizations shows that the percentage experiencing a patient data breach is up. And with the growth in electronic records-keeping, more of those problems are originating from laptops and mobile devices rather than a human slip-up in handling paper documents.
Background: High-tech healthcare technology gone wild
"Use of new technologies, in particular mobile devices in the workplace, have skyrocketed, creating new operational efficiencies and security vulnerabilities," noted the survey report, entitled the "2012 HIMSS Analytics Report: Security of Patient Data." The organization Healthcare Information and Management Systems Security also pointed out, "As mobile devices proliferate in exam rooms and administrative areas, so do the associated vectors of potential attack. Adding to this are the risks from employee negligence and organizational policies that have not kept pace with ever-changing technology."
The survey, commissioned by Kroll Advisory Solutions, asked chief information officers, health information managers, chief privacy officers and chief security officers working at 250 hospitals and medical centers about the number of data breaches they knew about over the past 12 months.
The survey found 27% of the respondents had at least one security breach over the past year, up from 19% in 2010 and 13% in 2008. The survey found 79% were attributed to employees, while most others were chalked up to actions from outsourced or contract employees. Over half of the problems were identified as "unauthorized access to information," typically the patient's name and birth date, by an individual.
While misuse of paper records, including their "improper destruction," was blamed over 40% of the time, the survey did show that computer-based security issues are multiplying fast, with the source of data attributed to actions or loss related to a laptop or handheld device about 22% of the time, up from 11% in 2010. Problems with data breaches related to third-party vendors storing healthcare data is also growing, reported this year at 10%, up from 6% in 2010. In contrast, network breaches attributed to outside attacks was about 3%.