Healthcare Security Survey

• Three-quarters of organizations that did conduct risk assessments found patient data at risk due to inadequate security controls, policies and processes.
• Risk assessments is the primary tool used for monitoring and measuring security controls in healthcare IT.
• The respondents scored themselves a modest 4 out of 7 for maturity of the security environment, on average on a 1-7 scale.
• Results relating to the HITECH act (privacy/security):
• Only 50% have a plan to respond to a security breach.
• Only 67% utilize encryption (which can provide a “safe harbor” from breach notification)
• E-mail encryption is however on top of the list for planned future installations.

Read more in the full report: http://www.himss.org/content/files/HIMSS2009SecuritySurveyReport.pdf