There is potentially a disconnect between healthcare professionals’ confidence in preventing patient data breaches and actually being able to do so, according to recent research from the University of Phoenix.
Twenty percent of registered nurses (RNs) and 19 percent of administrative staff reported that their organization had experienced a patient data breach. However, 48 percent of RNs and 57 percent of administrative staff said they were “very confident” that their facility could protect against potential patient data theft.
Approximately 500 full-time RNs and administrative staff, all of whom had been in their position for at least two years, were interviewed for the survey.
One-quarter of RN respondents said that they had seen the most changes occur in data security and privacy in the last year, while 40 percent of administrative staff said the same. Quality of care, safety, digital health records and prevention and population health were areas where the most change was reported.
“Patient safety is not just about physical and emotional well-being and protection, it also includes electronic records. In our increasingly digital world, it is critical for healthcare professionals at every level to prevent data breaches,” said the Colleges of Health Professions at University of Phoenix Executive Dean Doris Savron. “Everyone in the healthcare industry must work together to establish protocols and implement training to secure and protect all patient data to reduce the risk of being compromised.”
Respondents stressed that additional support and training are necessary for healthcare privacy and security, with 23 percent of RNs and 34 percent of administrative staff calling for more education.
Nearly two-thirds of RNs (67 percent) said updated privacy and access policies were being implemented for better patient data protection, 59 percent stated role-based access was a focus area, and 56 percent listed data surveillance as an initiative for improved privacy and security.
Administrative staff respondents had similar feelings, with 69 percent wanting updated privacy and access policies, 60 percent looking to implement role-based access, and 55 percent focusing on data surveillance.
University of Phoenix College of Information Systems and Technology Executive Dean Dennis Bonilla added that it takes just one employee making an error to introduce malware into a system. Cybersecurity governance must improve to limit the number of healthcare data breaches.
“Without improved training and robust cybersecurity response plans incorporated into information technology strategies, the healthcare industry will continue to bear the brunt of these attacks,” Bonilla stated.
A recent Accenture and American Medical Association (AMA) report showed an even larger number of healthcare organizations experienced a cybersecurity attack. Eighty-three percent of surveyed physicians said they had experienced a cybersecurity attack, with 55 percent reporting that they were very or extremely concerned about future cyberattacks affecting their organization.
HIPAA compliance by itself is not enough to keep data secure, according to 83 percent of survey respondents. Instead, there must be a more holistic approach to assessing and prioritizing organizations’ risks.
“More support from the government, technology and medical sectors would help physicians with a proactive cybersecurity defense to better ensure the availability, confidentiality and integrity of health care data,” said AMA President David O. Barbe, M.D., M.H.A.
The following areas were also listed for helping organizations stay confident in security:
- Tips for good cyber hygiene – 50 percent
- Simplifying the legal language of HIPAA – 47 percent
- Easily digestible HIPAA summary – 44 percent
- An explanation of the more complicated HIPAA areas – 40 percent
- A how-to guide for conducting a risk assessment – 38 percent
Accenture Global Health Practice Head Kaveh Safavi, M.D., J.D. explained that compliance alone is not enough for organizations to “enhance their security profile.” Instead, entities must evolve with cyberattack sophistication and help physicians strengthen their capabilities.
Organizations must “build resilience and invest in new technologies to support a foundation of digital trust with patients,” Safavi said.