“Healthcare organizations are increasingly deploying technologies to increase data security, but continued analysis is crucial in ensuring the proactive prevention of data breaches within hospitals and physician practices,” said Lisa Gallagher, vice president of technology solutions for HIMSS, in a release. “Without these anticipatory measures, security of patient data will remain a core challenge within our nation's healthcare organizations.”
The Web-based survey, the sixth annual by HIMSS, a Chicago-based health information technology industry trade group, was taken by 283 IT and security experts at U.S. hospitals and medical group practices. It was conducted during the fourth quarter of 2013. The survey was funded by Experian Data Breach Resolution, an arm of the credit-reporting agency.
Michael “Mac” McMillan, CEO of CynergisTek, an Austin, Texas-based healthcare data security firm, said the latest HIMSS survey indicates there has been some improvement in security spending since six years ago, when only those “doing a really good job” were spending at 3%. Six years ago, spending levels of 2%, 1% or less were the norm. But even 3% is still not enough, McMillan said.
For other industries in which data security is critical—banking, energy, government—“their average spend is between 6% and 12%,” McMillan said.
The survey's 92% compliance finding on risk assessments, McMillan said, doesn't jibe with his experience.
“That's 92% of the people who took the survey, not 92% of the people in the industry,” he said. “Every week I run across organizations where they haven't done an appropriate risk assessment. I don't believe for a second that applies to the industry as a whole.”
Follow Joseph Conn on Twitter: @MHJConn