The fourth annual HIMSS Security Survey showed that half of respondents spend 3% or less of overall IT budgets on health care information security. That figure is up from last year, an increase that HIMSS attributes largely to mandates from the federal government such as HIPAA 5010.
The report noted that these mandates have increased the need for resources pertaining to information security. One of the mandates is risk analysis, which requires eligible hospitals and providers participating in the EHR incentive program to report that they’ve protected EHR data. Over three-quarters of respondents reported that their entity executes an analysis to assess the risks to patient data, according to the HIMSS report.
Risk management has become a hot topic. SearchHealthIT.com’s Data Privacy and Security Report looked at how HIPAA compliance mandates are leading providers to ramp up their technology and, specifically, which technologies they’re purchasing in the next year to meet HIPAA compliance. Some 19% of respondents said they plan to purchase risk management technology.
Another security measure that both surveys looked at is user authentication and access management. According to the HIMSS survey, nearly all respondents reported that their entity has technology in place to monitor how staff are accessing electronic patient information. Role-based and user-based controls are the most widely used among respondents, too. The Data Privacy and Security Report found that 38% of respondents plan to purchase technology for access management safety.
Both surveys revealed similarities in mobile device security. About 45% of respondents said they plan to purchase mobile device technology, according to the Data Privacy and Security Report. On the other hand, just over 44% of respondents to the HIMSS Security Survey said they currently have some type of mobile device encryption.
Additionally, information security will need to be heightened as the health industry moves toward health information exchanges (HIEs). In fact, health organizations intend to exchange data with HIEs and regional health information organizations (RHIOs), public health agencies and personal health record (PHR) vendors, according to the HIMSS report. Only 4% of respondents said they plan to share no data for the time being.