A recent study conducted by data security firm Vormetric indicates 60% of healthcare IT security executives have increased their data protection budgets. New data security tools will be implemented by 46% of respondents to ensure their organizations are able to catch up with healthcare industry best practices.
For the study, Vormetric polled 1,100 senior healthcare IT security executives. Virtually all respondents – 96% – said that they felt their organization was vulnerable to data threats and 63% of respondents said their organization had already experienced a data breach.
When asked about the main reason for improving data security, 60% said it was due to compliance requirements. 69% of respondents felt that achieving “HIPAA-Compliance” was an extremely or very effective way of protecting sensitive data.
However, while being compliant with HIPAA is important for healthcare organizations to keep data secure, compliance alone will not prevent healthcare data breaches.
A look at the Department of Health and Human Services’ Office for Civil Rights breach portal will show that PHI breaches are all too common. Many of the organizations on the OCR’s ‘Wall of Shame’ believed that they had implemented all of the necessary HIPAA safeguards to keep PHI secure, yet they still experienced a data breach.
Garrett Bekker, a senior analyst at Vormetric and author of the report said “Compliance is only a step towards healthcare IT security,” he went on to say that “being [HIPAA] compliant doesn’t necessarily mean you won’t be breached and have your sensitive data stolen.”
Tina Stewart, Vormetric’s VP for marketing said, “[Healthcare Organizations] now have to prioritize the safety of patient data and privacy as part of patient care and realize meeting compliance requirements is only a start.”
Respondents were asked about the main barriers that were preventing them from enhancing their security programs and meeting industry best practices. The main issue was a perceived complexity of data security, which Vormetric points out is a common misconception among healthcare IT security professionals.
38% said one of the main problems was staffing. It is not only difficult to find skilled security staff, but also difficult to retain them. Lack of support within their organizations was rated as a major barrier by 33% of respondents. Budgets also prevent many healthcare organizations from hiring the best talent and purchasing the necessary technology to keep data protected. 30% of respondents said funding was a major problem.