Smartphones Partly to Blame for HIPAA Compliance Issues

Posted: 1/26/2012

According to research from the Ponemon Institute, data breaches rose 32% in 2011. Ninety-six percent of the 72 institutions studied said that they had experienced at least one data breach in the past two years. On average, the study estimates that the studied organizations spent a cumulative $2.2 million in dealing with data breaches, an increase of more than $180,000 from Ponemon's fall 2010 study.



According to the study, the top causes cited for 2011 data breaches were lost or stolen computing devices (49%), third-party incidents (46%) and unintentional employee action (41%).* Although the report did not specify the percentage of breaches from mobile devices, it did identify them as a common problem, stating, "Widespread use of mobile devices is putting patient data at risk."

"By 2012, there will be very few professional activities that health care professionals won't be doing on their handhelds. Currently, 81% of U.S. physicians own smartphones, and there is strong interest in iPads and other emerging technologies." - Findings From a Study by Manhattan Research

Mobile devices create a security risk in two ways, says Ponemon. First, data can live and be accessed on the device. Second, the device can be used to access files on electronic health record (EHR) systems. A smartphone's small size also makes it easier to lose or misplace.

While 81% of the health care organizations in the study report that they use mobile devices to collect, store, and/or transmit data, 49% said their organizations do nothing to protect the devices. Furthermore, fewer than 24% use encryption software to protect patient information. Fifteen percent of those surveyed are "very confident" and 23% are "somewhat confident" that patient data is protected from being accessed via mobile devices.

Other key findings from the study:

Twenty-nine percent of respondents agree that the prevention of unauthorized access to patient data and loss/theft of such data is a priority in their organizations.
While 90% of health care organizations say breaches cause harm to patients, 65% do not offer protection services for the affected patients.
More than half (55%) of respondents say they have little or no confidence that their organization has the ability to detect all privacy incidents. Fifty-seven percent say they have little or no confidence that their organization could detect all patient data loss or theft.
In addition, the Ponemon study found the percentage of organizations fully implementing or in the process of implementing an EHR system has increased 10% over the last year.

* Survey notes that respondents were allowed to choose multiple answers when asked about the nature of the data breach. Due to this, percentages do not add up to 100%.

Source: "Second Annual Benchmark Study on Patient Privacy & Data Security"
