The Security of Electronic Health Information Survey

Security of Electronic Health Information Sponsored by LogLogic Presented by Dr. Larry Ponemon Webinar: September 30, 2009

About the study The purpose of the study is to determine from IT security practitioners in healthcare organizations how secure they believe electronic patient health records are – especially those records stored in databases.

The purpose of the study is to determine from IT security practitioners in healthcare organizations how secure they believe electronic patient health records are – especially those records stored in databases.

The survey addressed the following topics The adequacy of the organization’s approach to the security of health information. Senior management’s views about the importance of securing health information. How electronic health information is used by the organization. The database applications that cause the most risk to health information and the difficulty in securing health information in databases. Steps taken to secure health information in databases and their effectiveness. The impact of compliance on the security of electronic health information.

The adequacy of the organization’s approach to the security of health information.

Senior management’s views about the importance of securing health information.

How electronic health information is used by the organization.

The database applications that cause the most risk to health information and the difficulty in securing health information in databases.

Steps taken to secure health information in databases and their effectiveness.

The impact of compliance on the security of electronic health information.

How is the above electronic health information used by your organization? The top five uses

What kinds of database applications cause the most risk to electronic health information? Each bar represents the average ranking where 3 = highest risk and 1 = lowest risk.

How would you rate the effectiveness of the above mentioned data security measures you have in-place for securing electronic health information in databases?

How many of the above data breaches experienced by your organization involved electronic health information stored in a database?

If your organization had a data breach involving the loss or theft of patient health information (say 1,000 or more records), what would this incident cost your company on a per lost record basis? The extrapolated value of a data breach involving EPHI on a per compromised record basis is $211.

Log & Security Management Helps … Visibility – Broad Based Monitoring Access to electronic healthcare records Database activity monitoring Creation/deletion of new user accounts Assigning/changing access rights and privileges Threat monitoring and incident response Forensic analysis (immutable audit trail, electronic evidence)

Visibility – Broad Based Monitoring

Access to electronic healthcare records

Database activity monitoring

Creation/deletion of new user accounts

Assigning/changing access rights and privileges

Threat monitoring and incident response

Forensic analysis (immutable audit trail, electronic evidence)

Log & Security Management Helps … Control – Real-Time Prevention Firewall and network policy (re)-configuration Database firewall – real-time blocking of suspect transactions Database security – virtual patch management

Control – Real-Time Prevention

Firewall and network policy (re)-configuration

Database firewall – real-time blocking of suspect transactions

Database security – virtual patch management

Monitoring Allows You To “Trust But Verify” CONNECTED H OSPITAL Employers Public Health Organizations Laboratories Pharmacies Connected Clinicians Social Services Clinics Emergency / First Responders Suppliers Government and Private Payers Home and Long-Term Care Hospitals

Read The Full Report! You can view the entire webcast on demand at: http://www.loglogic.com/news/webcasts A full copy of the report is available at: www.loglogic.com/resources/analyst-reports/ponemon-electronic-health-info-at-risk/

You can view the entire webcast on demand at:

http://www.loglogic.com/news/webcasts

A full copy of the report is available at:

www.loglogic.com/resources/analyst-reports/ponemon-electronic-health-info-at-risk/

Thank You! For more information or to schedule a demo contact us at: info@loglogic.com