According to a study from Ponemon and MegaPath, negligent employees and failure to meet compliance needs are the key reasons that more than 90-percent of the small healthcare networks included in the study suffered a breach last year.
Of the 708 IT and administrative practitioners in the segment included in the study, 91-percent reported at least one data breach in 2011, with 23-percent of those reporting at least one case of patient medical identity theft as a result.
'We found that, while a majority of respondents agree that their organizations are taking the appropriate steps to protect the privacy and rights of patients and comply with HIPAA requirements, only 31 percent believe that their management views privacy and data security as a top priority,' said Dr. Larry Ponemon, Ph.D., Chairman and Founder, The Ponemon Institute.
'Surprisingly, only 30 percent agree that they have adequate resources to ensure that privacy and data security requirements are met.'
Moreover, there is a clear lack of definition when it comes to responsibility, as one-third of those who took part in the MegaPath-funded study said that no one person has overall responsibility for protecting patient data. This is on top of the 70-percent in the study who reported that their organizations lack the funding to meet governance, risk management and compliance requirements.
Part of the issue, something that most medical professionals can agree with, is that the smaller healthcare practices are behind when it comes to technology. Case in point, those included in the study reported that patient information is still stored in paper form in most cases, rather than in a form that can be better secured. Perhaps this is why nearly half of the participants said that when it comes to funding, less than 10-percent of the IT budget actually goes towards security.
'Healthcare organizations across the country face an aggressive threat landscape and strict compliance mandates that, coupled with limited IT budgets, stretch the effectiveness of their security teams and technologies,' said S.L. Sweet, Director Managed Services, MegaPath.
The full report is online, but registration is required.