the security of electronic health information survey
Post on 18-Nov-2014
779 Views
Preview:
DESCRIPTION
TRANSCRIPT
Page 1
The Security of Electronic Health Information Survey
Security of Electronic Health Information
Sponsored by LogLogicPresented by Dr. Larry Ponemon
Webinar: September 30, 2009
About the study
• The purpose of the study is to determine from IT security practitioners in healthcare organizations how secure they believe electronic patient health records are – especially those records stored in databases.
The survey addressed the following topics
• The adequacy of the organization’s approach to the security of health information.
• Senior management’s views about the importance of securing health information.
• How electronic health information is used by the organization.• The database applications that cause the most risk to health
information and the difficulty in securing health information in databases.
• Steps taken to secure health information in databases and their effectiveness.
• The impact of compliance on the security of electronic health information.
How is the above electronic health information used by your organization?
The top five uses
67%
60%58%
54% 53%
0%
10%
20%
30%
40%
50%
60%
70%
80%
Billing & payments Insurance verif ication Marketing &communications
Patient relations Patient care (clinical)
What kinds of database applications cause the most risk to electronic
health information?
1.9
2.5
1.6
0.0
0.5
1.0
1.5
2.0
2.5
3.0
Administrative applications such aspatient scheduling systems
Business applications such as billing andinsurance processing
Clinical applications such as physiciannotes, prescriptions or diagnostic
reports
Each bar represents the average ranking where 3 = highest risk and 1 = lowest risk.
How would you rate the effectiveness of the above mentioned data security measures you
have in-place for securing electronic health information in databases?
19%
24% 25%24%
9%
0%
5%
10%
15%
20%
25%
30%
Very effective Effective Somew hat effective Not effective Unsure
How many of the above data breaches experienced by your organization involved electronic health
information stored in a database?
33%
19%
16%
10%
8%
5%
9%
0%
5%
10%
15%
20%
25%
30%
35%
More than 90% 75% to 90% 50% and 74% 25% and 49% 10 and 24% Less than 10% None
If your organization had a data breach involving the loss or theft of patient health information (say 1,000 or more records), what would this incident cost your
company on a per lost record basis?
6%
9%
19%
30%
10%
3%
12%
0%
5%
10%
15%
20%
25%
30%
35%
Less than $50 $50 to $100 $101 to $150 $151 to $200 $201 to $250 $251 to $300 More than $300
The extrapolated value of a data breach involving EPHI on a per compromised record basis is $211.
Page 10Page 10
Log & Security Management Helps …
» Visibility – Broad Based Monitoring » Access to electronic healthcare records» Database activity monitoring» Creation/deletion of new user accounts» Assigning/changing access rights and privileges» Threat monitoring and incident response» Forensic analysis (immutable audit trail, electronic evidence)
Page 11Page 11
Log & Security Management Helps …
» Control – Real-Time Prevention» Firewall and network policy (re)-configuration» Database firewall – real-time blocking of suspect
transactions» Database security – virtual patch management
Page 12Page 12
CONNECTED HOSPITAL
Employers
Public Health Organizations
Laboratories
Pharmacies ConnectedClinicians
Social Services
Clinics
Emergency / First Responders
Suppliers
Government and Private Payers
Home and Long-Term Care
Hospitals
Monitoring Allows You To “Trust But Verify”
Page 13Page 13
Read The Full Report!
» You can view the entire webcast on demand at:
http://www.loglogic.com/news/webcasts» A full copy of the report is available at:
www.loglogic.com/resources/analyst-reports/ponemon-electronic-health-info-at-risk/
Page 14
Thank You!For more information or to schedule a demo contact us at:
info@loglogic.com
top related