Welcome to the SecAware blog

I spy with my beady eye ...

22 Feb 2012

More healthcare privacy incidents involving portable devices

Redspin's Breach Report 2011 - Protected Health Information examines data from the U.S. Department of Health & Human Services' Office for Civil Rights on privacy incidents affecting at least 500 individuals.

The data arises from US health organizations' obligation to report serious privacy incidents to the Secretary of Health and Human Services under the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The report emphasizes the prevalence of incidents involving portable devices, and mentions the need for awareness (or rather "user training acceptance and enforcement"):

A whopping 39% of all PHI breaches to date have occurred on a laptop or other portable media, the easiest type of device for thieves to steal or employees to lose. While stricter policies and more encryption are necessary, both require user training acceptance and enforcement. The problem is likely to get worse before it gets better. Portability is here to stay. Smartphones, iPads, and other tablets are now in use in 80% of healthcare organizations. The BYOD (“bring your own device”) revolution is well underway, yet 50% of respondents in a recent healthcare IT poll say nothing is being done to protect data on those devices [Study on Patient Privacy and Data Security, Ponemon Institute, December 2011].

Gary (Gary@isect.com)
