Survey: Unauthorized Access To Patient Data Is Top Healthcare IT Security Concern In 2009
Imprivata Inc. recently announced the results of its second annual national survey, examining Identity Management Trends in Healthcare 2009. The online survey of IT decision makers in the healthcare field highlights some significant trends surrounding security, electronic health records (EHRs), virtualization, healthcare access management and the impact of the global recession on IT budgets, planning and priorities.
Despite economic concerns and reduced IT budgets, patient data security and access management remain top priorities for healthcare organizations in 2009. As healthcare organizations become more acutely aware of the security challenges they face, they’re increasingly turning to strong authentication solutions such strong passwords, biometrics and proximity cards to prevent or defend against patient data breach. Specific survey findings include:
- 62 percent of respondents answered that unauthorized access to clinical applications/patient data is the greatest security concern in 2009.
- Respondents also indicated that outside network intrusion (20 percent) and lack of secure passwords (13 percent) were concerns.
- 85 percent of respondents reported their organization is deploying application passwords to achieve strong authentication for employee access, 27 percent are deploying biometrics and 23 percent are deploying proximity cards.
The Recovery and Reinvestment Act of 2009 will provide funding to strengthen the country’s healthcare IT infrastructure, with significant funds focused on promoting the use of EHRs over the next few years. Respondents showed a clear focus on EHR investment. The survey found:
- 53 percent of respondents noted that their IT budget has decreased due to the economic conditions -- either slightly or significantly.
- When asked to name their top three 2009 IT investment priorities, electronic health records (EHRs) topped the list at 73 percent, followed by security at 53 percent and network upgrade at 48 percent.
- 33 percent of respondents state that 75-100 percent of their medical records are in EHR format, and another 22 percent say that 51-75 percent of their records are in EHR format.
- 87 percent of respondents plan to transfer all patient data into EHR format within two years.
- 52 percent of respondents acknowledge their organization is subject to state requirements for strong authentication for identity verification at the point of electronic prescription drug order placement.
Fast access to patient data is critical for timely attention to patient needs, and is a significant factor in determining physician satisfaction. As the number of employees and clinical applications in an organization grows, password management across identities, applications and facilities is critical in ensuring enterprise security. These concerns are amplified as organizations turn to new technologies, such as virtual desktop infrastructure (VDI), to improve employee access to applications and information. Of note from the findings:
- 54 percent of respondents report that passwords and time-to-access patient data impacts physician satisfaction very much, with another 37 percent noting it as an influence.
- 42 percent of respondents report that they either currently have or are considering deploying a VDI environment
Other Notable Findings:
- 53 percent of respondents in 2009 spend between 11-40 percent of their time on compliance, up from 40 percent in 2008.
- 97 percent of respondents in 2009 claim HIPAA compliance is either an influence or strong influence of IT purchasing decisions.
- 54 percent of respondents either have or are implementing a user account provisioning system in their environment, and 65 percent state that it is important or very important to incorporate clinical context management for synchronized patient context across applications.