January 26, 2018
Despite the fact that healthcare hacking was rampant in 2017, only one in five healthcare professionals—registered nurses (RNs) and health administrators—say they have experienced patient data breaches.
According to the University of Phoenix College of Health Professions survey findings, 20% of RNs and 19% of health administrators said their facility has experienced a breach of patient data, and just as many responded that they didn’t know if their facility has experienced a data breach.
University of Phoenix College of Health Professions surveyed 504 U.S. adults working full time in healthcare as either registered nurses or administrative staff who have worked in their position for at least two years.
Other findings include:
· Despite record-breaking cybersecurity issues in the healthcare industry in 2017, 48% of RNs and 57% of administrative staff said they are “very confident” in their facility’s ability to protect patient data against potential theft.
· Additionally, when asked where they have seen the most changes occur in the industry over the last year, including quality of care, safety, digital health records, prevention, and population health, only 25% of RNs and 40% of administrative staff cite data security and privacy.
· About eight in 10 RNs (79%) and administrative staff (77%) think big data is important to their jobs; however, about two in three RNs (65%) and over half of administrative staff (55%) have never received training on it.
· More than three in five RNs (64%) and administrative staff (62%) say their facility has invested in electronic medical records in the past year
· Both groups said their organizations are taking the following steps to ensure patient data is protected:
o Updated privacy and access policies (69% of administrative staff, 67% of RNs).
o Role-based access (60% of administrative staff, 59% of RNs).
o Data surveillance (55% of administrative staff, 56% of RNs).
“The results show that there is a disconnect between the level of confidence that healthcare professionals have in their organization’s ability to prevent data breaches and the reality of today’s cybersecurity landscape,” says Doris Savron, executive dean for the Colleges of Health Professions at University of Phoenix.
“Healthcare executives must be aware of these growing challenges and how data breaches not only affect patients, but also how they impact hospital and health system staff at all levels,” Savron says. “It’s important to recognize the problem, as the healthcare industry continues to be one of the highest targeted by cybercriminals. Organizations need improved, more frequent training for health professionals and more robust company policies, and health execs are the ones who can begin implementing these changes.”
Based on the survey Savron offers these four tips for healthcare execs:
- Healthcare facilities and their execs need to place higher importance on data protection. All levels of staff need to be trained in cybersecurity and data best practices, and these trainings need to be consistently updated, according to Savron. “Everyone in the healthcare industry must work together to establish protocols and implement training to secure and protect all patient data to reduce the risk of being compromised,” she says.
- Education and training are key to ending this vicious cycle of cybersecurity issues. Twenty-three percent of RNs and 34% of administrative staff stating that additional support and training is needed for healthcare privacy and security, and healthcare execs must listen, according to Savron. “By implementing professional development programs that incentivize training in these areas, we can better train the next generation of privacy and security literate health professionals,” she says.
- As RNs and administrative staff are being asked to take on more responsibilities, including digital tasks like EHRs and patient portals, health execs must put protocols in place to minimize human error.
- Healthcare data breaches have increased over the past year, but not all hospital staff are made aware of these incidents. “Execs need to be transparent with their staff so these problems can be mitigated and eliminated in the future,” she says.
e-End Provides A Complete Compliance Solution
By following NSA and NIST 800-88R1 guidelines, e-End can ensure your organization that all data, including ePHI, on the computers, office equipment, medical equipment and other devices we handle cannot be recovered by any means. With our proprietary, compact and portable media destruction equipment, e-End can perform data sanitization services onsite at your office or facility with no disruption.
For more information on how we can keep you in compliance with HIPAA’s Final Security Rule, contact us today.