Meaningful Use Update
Security – What You Need to Know and Updates
Healthcare IT Planning
· Theft / Loss (46%)
· Insider Misuse (15%)
· Misc. Error (12%) This includes misdelivery, disposal errors, misconfiguration and malfunction.
· Point of Sale Device Intrusion (9%)
A report from Ponemon Institute, commissioned by ID Experts and titled Fourth Annual Benchmark Study on Patient Privacy and Data Security, was published in March 2014. Key findings include:
· 90% of the organizations that responded to the study reported at least one breach of patient information in the previous two years.
· 38% had more than five breaches.
· The estimated average economic impact to each healthcare organization is $2,000,000 over a two-year period.
· Criminal attacks are up 100% since 2010 (still a small portion of the breaches, but growing).
· Employee negligence is the biggest concern of those who responded.
How does this threat intelligence guide us as we think about the HIPAA and Meaningful Use requirements to ensure cybersecurity? The short answer is that healthcare organizations (and their business associates) need to make it a higher priority to improve their cybersecurity practices. This will require development of a plan and may require additional investment in security tools, training and staff devoted to cybersecurity. A risk assessment (which is required by HIPAA and Meaningful Use) can identify specific cybersecurity risks that need to be addressed, but a roadmap or plan should be developed to close gaps identified in the risk assessment. This is referred to as a risk management plan.