While most healthcare organizations understand their responsibility to protect patient data, they are less vigilant about how that same data is protected by outside contractors, such as collection agencies, according to a recent survey of healthcare professionals.
The survey, conducted by HIMSS Analytics, interviewed 250 healthcare professionals knowledgeable about data security practices and procedures within their respective organizations.
The results of the survey showed that of those organizations reporting data breaches in the past 12 months, nearly one in five claimed it was the result of a third party. Twenty-eight percent “indicated that sharing information with external parties is the top item that put patient data at risk.”
The survey found that when it comes to being reactive to data breaches, most healthcare organizations reported being highly responsive. Compliance with HIPAA is high, the survey found, with 98 percent of respondents reporting they have signed Business Associate agreements with third-party contractors. As part of that agreement, 82 percent “require third parties to notify them of a [data] breach,” the survey found.
When it comes to being proactive about data security, the survey results were less encouraging. Slightly more than half of respondents indicated they require third-party vendors to conduct periodic risk analyses to find potential holes in their security and a similar percentage requires proof of employee background checks.
“It is likely that these security vulnerabilities have contributed to the rise in third-party breaches seen in 2012,” the report concluded.