You can do whatever you like to lock down your data, but it if they do they do it did buy a block of members of the earth is the work doesn’t go for all it takes is one insider who knows how to unlock it to create a serious security breach.
Results from the 2013 HIMSS Security Survey suggest that despite progress towards hardening security and use of analytics, healthcare organizations must still do more to mitigate the risk of insider threat, such as the inappropriate access of data via employees.
The HIMSS survey, which was supported by The Medical Group Management Association and underwritten by Experian Data Breach Resolution, surveyed 283 information technology and security professionals employed in US hospitals and physician practices. What the researchers found was that the greatest “that motivator” was that of healthcare workers potentially snooping into EMRs to find friends, neighbors, spouses or coworkers.
Given that healthcare IT leaders are particularly concerned about inappropriate use of health data by insiders, you won’t be surprised to hear that there’s been an increase use of several technologies related to access to patient data, including user access control and audit logs in each access to patient records.
But you may be surprised to learn that of the 51 percent of respondents increase the security of the past year, 49 percent of these organizations are still spending just 3 percent or less of their overall IT budget on securing patient data.
Other findings from the HIMSS survey include that healthcare organizations are using multiple means of controlling employee access to patient information; 67 percent use at least two mechanisms, such as user base and role-based controls, for controlling access the data.
[…] Katherine Rourke – “Results from the 2013 HIMSS Security Survey suggest that despite progress towards hardening security and use of analytics, healthcare organizations must still do more to mitigate the risk of insider threat, such as the inappropriate access of data via employees.” […]
Yep, that’s why training is so important.
Did you notice how many time HIPAA Awareness Training was mentioned?
(hint: not once)