New Survey Highlights Security Risks Facing Health IT and Security Professionals

Rapid adoption of mobile technologies brings new challenges to health care settings

HIMSS12

MCLEAN, Va.--()--A new Government Health IT survey sponsored by Booz Allen Hamilton found that only 56 percent of government health IT and security professionals believe their organizations are in full compliance with current security and privacy requirements, while 60 percent said they have a holistic security strategy in place.

While privacy and security of patient health information has long been a concern of government and the healthcare industry, the growing adoption of health IT and better reporting under the HITECH Act’s expansion of HIPAA privacy and security rules, has heightened security concerns.

Health data breaches in the U.S. increased 97 percent from 2010 to 2011, with an increasing concentration of protected health information (PHI) on unencrypted portable devices being one of the main culprits, according to a 2012 report on PHI Breach Analysis from Redspin, a provider of penetration testing services and IT security audits.

“With the rapid adoption of new mobile technologies, such as the iPhone, iPad, and Android devices, organizations face new challenges and risks, as their networks add more access points,” said Ilene Yarnoff, Principal, Booz Allen Hamilton. “A holistic risk management approach, rather than ad hoc process changes, is needed to meet today’s security requirements.”

Nearly 80 percent of those surveyed said mobile devices will become more important to their business in the next five years, but only 53 percent said that their organization has a specific risk management plan for the loss of data or sensitive information on mobile devices.

“Until ubiquitous, interoperable, secure industry standards and protocols are approved and widely adopted on the technology side, organizations will need to implement their own security solutions that will allow them to operate securely within their enterprises,” said Natalie Givans, Booz Allen Senior Vice President.

Increasing mobile device security should be part of the broader risk management strategy for each organization. “Hospitals can implement identity and access control solutions, and overlay encryption for clinicians using mobile devices and applications within hospital walls; networks and applications can be secured and monitored to ensure only authorized staff is allowed to view particular patient data and access medical devices,” Givans said.

The Government Health IT survey, conducted from December 2011 to January 2012, polled 137 individuals from the Department of Health and Human Services, Veterans Affairs, and state and local governments.

The full survey, and accompanying white paper, “Achieving Cyber Health: Building a Strategy for Successful Healthcare Transformation,” were released during the 2012 Healthcare Information and Management Systems Society (HIMSS) Annual Conference and Exhibition in Las Vegas, NV. For more information, please visit www.boozallen.com/health.

About Booz Allen Hamilton

Booz Allen Hamilton (www.boozallen.com) is a leading provider of management and technology consulting services to the U.S. government in defense, intelligence, and civil markets, and to major corporations, institutions, and not-for-profit organizations. Booz Allen is headquartered in McLean, Virginia, employs more than 25,000 people, and had revenue of $5.59 billion for the 12 months ended March 31, 2011 (NYSE: BAH).

Contacts

Booz Allen Hamilton
Carrie Lake, 703-377-7785
lake_carrie@bah.com

Release Summary

A Government Health IT survey found that only 56 percent of government health IT and security professionals believe their organizations are in full compliance with current security and privacy reqs.

Contacts

Booz Allen Hamilton
Carrie Lake, 703-377-7785
lake_carrie@bah.com