News | February 19, 2014

2013 HIMSS Security Survey Shows Progress, Remaining Concerns

HIMSS 2013 Security Survey Information Technology Cardiac PACS

February 19, 2014 — Results of the 2013 HIMSS Security Survey show progress toward hardened security and use of analytics, but more work is needed to mitigate insider threat, such as inappropriate access of data by employees. Federal initiatives such as OCR audits, Meaningful Use (MU) and the HIPAA Omnibus Rule encourage healthcare organizations to increase the budgets and resources dedicated to securing patient health data. However, over the past year, 19 percent of respondents reported a security breach. Additionally, 12 percent of organizations have had at least one known case of medical identity theft reported by a patient.

The 2013 HIMSS Security Survey is supported by the Medical Group Management Association and underwritten by Experian Data Breach Resolution. It profiles the data security experiences of 283 information technology (IT) and security professionals employed by U.S. hospitals and physician practices. The data from respondents suggests the greatest perceived “threat motivator” is of healthcare workers potentially looking at electronic health information of friends, neighbors, spouses or co-workers.

There has been a response to the risk of security breach via inappropriate data access by insiders. Efforts include increased use of several technologies related to employee access to patient data, such as user access control and audit logs of each access to patient health records. 

More than half of the survey’s respondents (51 percent) have increased their security budgets in the past year. Still, 49 percent of these organizations are still spending 3 percent or less of their overall IT budget on security initiatives that will secure patient data.

“Though progress is noticeable, it is critical that healthcare organizations put in place a comprehensive plan that addresses potential security threats – whether internal or external — to prevent electronic health data breaches and minimize the impact of a breach should one occur,” said Michael Bruemmer, vice president for Experian Data Breach Resolution.

Other findings from the survey include: 

  • 92 percent of organizations conduct a formal risk analysis
  • 54 percent of organizations report having a tested data breach response plan and 63 percent of these organizations test their plan annually
  • 93 percent of organizations indicate their organization is collecting and analyzing data from audit logs
  • Healthcare organizations are using multiple means of controlling employee access to patient information; 67 percent of survey respondents use at least two mechanisms, such as user-based and role-based controls, for controlling access to data


The survey also identifies barriers to improving an organization’s security posture included budget, dedicated leadership and the following: 

  • Organizations reported an average score of 4.35 regarding the maturity of the security environment (where 1 is not at all mature and 7 is highly mature).
  • Nearly half (49 percent) of the survey’s responding organizations are still spending 3 percent or less of their overall IT budget on security initiatives that will secure patient data.
  • 52 percent of the hospital-based respondents reported that they had a CSO, CISO or other full-time leader in charge of security of patient data.


For more information:,

Related Content

Fujifilm Showcases Enterprise Imaging Portfolio and AI Initiative at HIMSS 2018
News | PACS | March 14, 2018
Fujifilm Medical Systems U.S.A. Inc. recently showcased its enterprise imaging and informatics solutions at the...
Technology | PACS Accessories | March 14, 2018
March 14, 2018 — Vital Images recently announced the release of Vitrea Connection version 7.0 with new features, incl
Siemens Healthineers Launches New Partners for Digital Ecosystem at HIMSS 2018
News | PACS Accessories | March 12, 2018
At the 2018 Healthcare Information and Management Systems Society (HIMSS) Annual Conference and Exhibition, March 5-9...
Siemens Healthineers Launches Next Generation of syngo Dynamics at ACC 2018
Technology | Cardiac PACS | March 09, 2018
March 9, 2018 — At the American College of Cardiology’s 67th Annual Scientific Session and Expo, March 10-12 in Orlan
News | Artificial Intelligence | March 08, 2018
Nuance Communications Inc. announced the signing of a multi-year strategic agreement with Partners HealthCare at the...
Digital Ecosystem is an open and secured environment for healthcare stakeholders that houses a range of digital offerings
News | Information Technology | March 05, 2018
At the 2018 HIMSS Annual Conference & Exhibition, Siemens Healthineers showcased new additions and updates to its...
News | PACS Accessories | February 22, 2018
The RamSoft team will showcase radiology solutions to help users cut costs and save time at the 2018 Healthcare...
Konica Minolta Exa Enterprise Imaging Delivers Intelligent Radiology Analytics
News | Enterprise Imaging | February 20, 2018
At the 2018 annual meeting of the Healthcare Information and Management Systems Society (HIMSS), March 5-9 in Las Vegas...
ScImage Celebrates 25th Anniversary
News | PACS | February 08, 2018
February 8, 2018 – ScImage, a leading provider of...
KLAS PACS Report Rates Carestream Health A Top Performer
News | PACS | January 23, 2018
January 23, 2017 – Carestream Health’s Radiology PACS (picture archiving and communication system) module of the...
Overlay Init