Survey of U.S. Physicians Reveals Cybersecurity and HIPAA Concerns

More than four in five U.S. physicians (83 percent) have experienced some form of cyberattack, according to new survey research released by Accenture and the American Medical Association.

• By Jessica Davis
• Dec 14, 2017

More than four in five U.S. physicians (83 percent) have experienced some form of cyberattack, according to new survey research released by Accenture and the American Medical Association. The findings show concerns in the health care sector about cybersecurity support and data security protections, as well as lingering questions about the Health Insurance Portability and Accountability Act (HIPAA).

Accenture and the AMA surveyed 1,300 physicians in the U.S. about their experience and attitudes toward cybersecurity, data management and HIPAA compliance. They found that cyberattacks at physician practices were common and caused operational interruptions, such as system downtime, increased operational expenses and patient safety risks.

Of those surveyed, 74 percent cited interruption to their clinical practice as a primary concern, and 29 percent of physicians who work in medium-sized practices said it takes up to a full day to recover from a cyberattack. Fifty-three percent of survey responders were concerned about patient safety in future cyberattacks.

Many of the concerns about cybersecurity and data security in physician practices are related to the exchange of electronic protected health information (ePHI) and HIPAA compliance. Two in 3 physicians surveyed believed that more access to patient data would improve care, and 85 percent believed in the importance of sharing ePHI. Eighty-seven percent said they believe their practice is compliant with HIPAA security rules, but two-thirds still had basic questions about HIPAA.

Only 49 percent reported that they had an in-house security official at their practice, and medium and large practices were more likely to have one than smaller practices. Sixty percent of physicians surveyed said they would pay someone to implement a security framework.

"The important role of information sharing within clinical care makes health care a uniquely attractive target for cyber criminals through computer viruses and phishing scams that, if successful, can threaten care delivery and patient safety," AMA President David O. Barbe, MD, said. "More support from the government, technology and medical sectors would help physicians with a proactive cybersecurity defense to better ensure the availability, confidentially and integrity of health care data."

When Accenture and the AMA asked physicians about the kind of support and tools they needed for cyberattack and HIPAA concerns, they said tips for good cyber hygiene, a guide on conducting risk assessment and an easily digestible summary of HIPAA guidelines.