DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

HIMSS Survey: Business Associates not up to speed on HITECH

Posted on November 17, 2009 by Dissent

Today, HIMSS released a new report, 2009 HIMSS Analytics Report: Evaluating HITECH’s Impact on Healthcare Privacy and Security.

Commissioned by ID Experts, HIMSS surveyed senior information technology (IT) executives, Chief Security Officers, Chief Medical Information Officers (CMIOs), Chief Information Security Officers and Chief Privacy Officers at hospitals throughout the United States.They also surveyed business associates about the impact of the HITECH Act, data breach and patient exposure, and what healthcare organizations are doing. A total of 150 respondents from a provider organization and 26 individuals from an organization that has a business associate relationship with provider organizations participated in this research, which was conducted in August and September of 2009. Approximately half of survey respondents work for organizations with fewer than 100 beds. Slightly less than a third work for organizations with between 100 and 299 beds. The final 14% of respondents work for a hospital with 300 or more beds.

Among the key findings:

  • “Business associates” pose the largest threat to patient data security, putting patients and privacy at risk. Business associates include those who have access to patient data and include pharmacy chains, benefits administrators, claims adjusters, firms who handle mailings to patients, and insurance companies, among others. Somewhat amazingly, over 30% of business associates surveyed did not know the HIPAA privacy and security requirements have been extended to cover their organizations.
  • Given that organizations will now be under increased mandate to disclose and notify individuals of breaches (although the interim rule introduced a “harm” standard not in the actual legislation), hospitals should be looking at the security and privacy practices of their business associates. The survey found that 85% of hospitals indicated they will take action to protect their patient data that is held by a business associate, while a full 39% of business associates admitted they did not know what actions hospitals are taking. In addition, business associates were unaware that 47% of hospitals would terminate their contracts for violations.
  • Somewhat surprisingly, non-IT respondents were more aware of data breaches than IT respondents. The survey found that non-IT respondents reported that their organization had experienced twice as many data breaches as IT respondents (41% vs. 22%).
  • While hospitals are widely providing training for their employees, they are not always monitoring that employees are complying with the organization’s policies and procedures on which they were trained. Nearly all respondents reported that they perform employee privacy and security training to protect against data breach risk. However, less than three-quarters of respondents at hospitals that conducted a risk assessment indicated that information on employee compliance is part of the risk assessment.

Read the press release here. Visit http://www.idexpertscorp.com/breach/download/?altid=b_himms_download&cid=prhimss1117 for a free copy of the HIMSS Analytics study.

Cross-posted from PHIprivacy.net

Related posts:

  • Electronic Health Data Breaches Remain Primary Concern Despite Increased Use of Security Technologies and Analytics – Survey
  • Gaps In Hospital Security Policies Put Patient Data At Risk
  • What’s the impact of ransomware attacks on healthcare entities? Did you ask the people who really know?
  • New Ponemon study: patient data inadequately protected, many hospitals do not notify patients of breaches
Category: Commentaries and AnalysesHealth DataU.S.

Post navigation

← Starbucks Data Breach Plaintiffs Try Their Luck in the Ninth Circuit
UK mobile phone data ‘was sold’ (Update 1) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.