Page 1
The Security of Electronic
Health Information Survey
Security of Electronic Health Information
Sponsored by LogLogic
Presented by Dr. Larry Ponemon
Webinar: September 30, 2009
About the study
• The purpose of the study is to determine from IT security
practitioners in healthcare organizations how ...
The survey addressed the
following topics
• The adequacy of the organization’s approach to the security of
health informat...
How is the above electronic health
information used by your organization?
The top five uses
67%
60%
58%
54% 53%
0%
10%
20%...
What kinds of database applications
cause the most risk to electronic
health information?
1.9
2.5
1.6
0.0
0.5
1.0
1.5
2.0
...
How would you rate the effectiveness of the
above mentioned data security measures you
have in-place for securing electron...
How many of the above data breaches experienced
by your organization involved electronic health
information stored in a da...
If your organization had a data breach involving the
loss or theft of patient health information (say 1,000
or more record...
Page 10Page 10
Log & Security Management Helps …
» Visibility – Broad Based Monitoring
» Access to electronic healthcare r...
Page 11Page 11
Log & Security Management Helps …
» Control – Real-Time Prevention
» Firewall and network policy (re)-confi...
Page 12Page 12
CONNECTED
HOSPITAL
Employers
Public Health
Organizations
Laboratories
Pharmacies
Connected
Clinicians
Socia...
Page 13Page 13
Read The Full Report!
» You can view the entire webcast on demand at:
http://www.loglogic.com/news/webcasts...
Page 14
Thank You!
For more information or
to schedule a demo contact us at:
info@loglogic.com
Upcoming SlideShare
Loading in …5
×

The Security of Electronic Health Information Survey

668 views

Published on

A new study reveals that the push for Electronic Medical Records puts patient privacy at risk. The Ponemon Institute and LogLogic surveyed hospital security professionals and found that 70% say their senior management fails to prioritize privacy and data security.

Published in: Technology, Health & Medicine
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
668
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
29
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • I promise to try and keep it simple, while we address many important issues that will help you gain a better understanding of the risks and trends that require healthcare organizations to adopt a culture of proactive information security with real-time database security & log management throughout your IT, clinical, business, and program practices.
    I will explore several drivers from a legal, clinical, and business perspective that are driving the need for real-time database security & log management.
    I will also show how LogLogic has helped some of your peers and can help you.
  • Now this is from the perspective of a single hospital. Lets look at how many affiliated entities are connected. Each one of these has many security devices that share security event data in addition to devices that access and use sensitive data.
    On the first pass, I look at this and think “wow, the healthcare service model is really big with a lot of players.” But then I also begin to think about the risks. This connected electronic information sharing model also exposes insurers and providers to cybercrime, fraud, and accidental loss of sensitive data.
    We need a health information technology architecture that allows ubiquitous and secure exchange and use of health information.
    So as you think about how many computer devices you have and each of these entities may have, I hope you can begin to understand why I say, “Real-time data protection is a foundation for delivery of high quality care and patient safety.”
    We have: call centers with remote workers; office workers that take records home on flash drives and laptops; claims and field workers with mobile access device; Physicians accessing e-prescribing systems and using PDAs and laptops; nurses with wireless pagers or phones on the floor; and this is just a few examples of the day-to-day activities.
    All of these users are endpoints with endpoint devices that have to be connected through a secure exchange of sensitive data.
    And as if the day-to-day clinical and business demands were enough to manage, you are now also living through the compliance decade.
    Lets take a look at our next slide.
  • The Security of Electronic Health Information Survey

    1. 1. Page 1 The Security of Electronic Health Information Survey
    2. 2. Security of Electronic Health Information Sponsored by LogLogic Presented by Dr. Larry Ponemon Webinar: September 30, 2009
    3. 3. About the study • The purpose of the study is to determine from IT security practitioners in healthcare organizations how secure they believe electronic patient health records are – especially those records stored in databases.
    4. 4. The survey addressed the following topics • The adequacy of the organization’s approach to the security of health information. • Senior management’s views about the importance of securing health information. • How electronic health information is used by the organization. • The database applications that cause the most risk to health information and the difficulty in securing health information in databases. • Steps taken to secure health information in databases and their effectiveness. • The impact of compliance on the security of electronic health information.
    5. 5. How is the above electronic health information used by your organization? The top five uses 67% 60% 58% 54% 53% 0% 10% 20% 30% 40% 50% 60% 70% 80% Billing & payments Insurance verification Marketing & communications Patient relations Patient care (clinical)
    6. 6. What kinds of database applications cause the most risk to electronic health information? 1.9 2.5 1.6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 Administrative applications such as patient scheduling systems Business applications such as billing and insurance processing Clinical applications such as physician notes, prescriptions or diagnostic reports Each bar represents the average ranking where 3 = highest risk and 1 = lowest risk.
    7. 7. How would you rate the effectiveness of the above mentioned data security measures you have in-place for securing electronic health information in databases? 19% 24% 25% 24% 9% 0% 5% 10% 15% 20% 25% 30% Very effective Effective Somew hat effective Not effective Unsure
    8. 8. How many of the above data breaches experienced by your organization involved electronic health information stored in a database? 33% 19% 16% 10% 8% 5% 9% 0% 5% 10% 15% 20% 25% 30% 35% More than 90% 75% to 90% 50% and 74% 25% and 49% 10 and 24% Less than 10% None
    9. 9. If your organization had a data breach involving the loss or theft of patient health information (say 1,000 or more records), what would this incident cost your company on a per lost record basis? 6% 9% 19% 30% 10% 3% 12% 0% 5% 10% 15% 20% 25% 30% 35% Less than $50 $50 to $100 $101 to $150 $151 to $200 $201 to $250 $251 to $300 More than $300 The extrapolated value of a data breach involving EPHI on a per compromised record basis is $211.
    10. 10. Page 10Page 10 Log & Security Management Helps … » Visibility – Broad Based Monitoring » Access to electronic healthcare records » Database activity monitoring » Creation/deletion of new user accounts » Assigning/changing access rights and privileges » Threat monitoring and incident response » Forensic analysis (immutable audit trail, electronic evidence)
    11. 11. Page 11Page 11 Log & Security Management Helps … » Control – Real-Time Prevention » Firewall and network policy (re)-configuration » Database firewall – real-time blocking of suspect transactions » Database security – virtual patch management
    12. 12. Page 12Page 12 CONNECTED HOSPITAL Employers Public Health Organizations Laboratories Pharmacies Connected Clinicians Social Services Clinics Emergency / First Responders Suppliers Government and Private Payers Home and Long-Term Care Hospitals Monitoring Allows You To “Trust But Verify”
    13. 13. Page 13Page 13 Read The Full Report! » You can view the entire webcast on demand at: http://www.loglogic.com/news/webcasts » A full copy of the report is available at: www.loglogic.com/resources/analyst-reports/ponemon- electronic-health-info-at-risk/
    14. 14. Page 14 Thank You! For more information or to schedule a demo contact us at: info@loglogic.com

    ×