A recent survey of 250 health care professionals knowledgeable about data security practices in their organizations showed that while most are aware of their responsibility to protect patient data, often less attention is paid to how the data is protected by outside firms, including collection agencies.
Yet 28% indicated that sharing information with external parties is the top item putting patient data at risk.
The survey, conducted by HIMSS Analytics, showed that of those organizations reporting data breaches in the past 12 months, nearly one in five claimed it was the result of a third party. When it comes to being reactive to data breaches, most health care organizations reported being highly responsive, the survey found.
But when it comes to being proactive about data security, the survey results were less encouraging.
Slightly more than half of respondents indicated they require third-party vendors to conduct periodic risk analyses to find potential holes in their security and a similar percentage requires proof of employee background checks.
“It is likely that these security vulnerabilities have contributed to the rise in third-party breaches seen in 2012,” the report concluded.
HIPAA compliance is high, with 98% of respondents reporting they have signed Business Associate agreements with third-party contractors, the survey found. As part of that agreement, 82% “require third parties to notify them of a [data] breach,” the survey found.
Other survey findings include:
• Human error remains the greatest threat to data security across the health care industry.
• The mobility of patient data – made possible by new technologies and the proliferation of mobile devices in the workplace – is a leading factor in health care data breaches.
• The industry’s expectations of third-party data security practices are not keeping pace with the increased outsourcing of patient data as third-party data breaches rise.