Healthcare organizations’ security not up to HITECH standards per HIMSS Study

Posted on by

Healthcare organizations’ security not up to HITECH standards per HIMSS Study
Molly Merrill of Healthcare IT News reported on November 4, 2009, “Healthcare organizations aren’t prepared to meet privacy and security standards associated with the American Recovery and Reinvestment Act, according to a new survey.”
Mary Mosquera of Government HealthIT reported on November 4, 2009, “Security budgets are low and organizations lack a plan for responding to threats or a security breach, according to the findings, which were  published Nov. 3. Many healthcare organizations also have not named a chief security officer or chief information security officer.”
Lisa Gallagher, HIMSS’ senior director of privacy and security, wrote a guest column in Government HealthIT on November 4, 2009 entitled “Healthcare needs a security framework.” Gallagher noted “The advent of ARRA has brought long overdue additional statutory requirements for ‘covered entities’ as well as an extension of HIPAA to other entities. ARRA has additional requirements such as: breach notification, accounting of disclosures, new limits on the sale and marketing of personal health information, a right to restrict disclosures and increased enforcement.”

HIMSS Security Survey 2009 Document (pdf)

For another study outlining data security needs at hospitals, see previous e-Healthcare Marketing post.

Note:  Both Healthcare IT News and Government HealthcareIT are published by HIMSS, and the HIMSS survey and report were funded by Symantec.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Spam Protection by WP-SpamFree