TRANSCRIPT

BEYOND HIPAA COMPLIANCE: 2017 PRIVACY & SECURITY AWARENESS IN HEALTHCARE

A MediaPro survey testing the cybersecurity and privacy know-how of healthcare employees across eight different risk scenarios revealed that just 28% demonstrate the awareness to prevent incidents that could lead to the exposure of protected health information (PHI) and other forms of personal data.

These results align with broader analysis of the healthcare industry, which shows that IT investment as it relates to cybersecurity strategy and employee awareness training is driven largely by HIPAA compliance, as opposed to business risk mitigation.

HEALTHCARE AT-A-GLANCE

Data breaches are costing the U.S. healthcare industry $6.2 BILLION PER YEAR. [1]

89% of healthcare organizations have experienced a data breach, involving the theft of PHI, over the past two years. [1]

69% of healthcare organizations believe they are at greater risk than other industries for a data breach, citing "negligent or careless employees" as their biggest cause for concern. [1]

A PROBLEM OF EMPLOYEE AWARENESS

KEY FINDINGS FROM THE SURVEY

Of the 850 respondents, 18% were considered risks, putting their organization in jeopardy of a potentially serious privacy or security incident.

Overall, 72% were risks or novices, lacking basic awareness of privacy and security best practices in the eight surveyed risk areas. [2]

RISK 18% | NOVICE 54% | HERO 28%

The average score of a risk-aware employee is > 93.5%. [2] These were the average scores in each surveyed risk area (AVERAGE SCORE 85%):

Risk areas surveyed:
INCIDENT REPORTING
MALWARE WARNING SIGNS
ACCESS CONTROLS
CLOUD COMPUTING
IDENTIFYING PERSONAL INFORMATION
WORKING REMOTELY
PREVENTING PHISHING
ACCEPTABLE USE OF SOCIAL MEDIA

Per-area scores, in the order they appear in the infographic: 80%, 86%, 85%, 85%, 82%, 83%, 90%, 85%.

AN INDUSTRY DRIVEN BY HIPAA

3/4 of leaders at healthcare organizations cited HIPAA compliance as the main driver in determining IT investments.

Three further figures (ONLY 23%, JUST 51%, 20%) accompany the following statements about healthcare organizations; the transcript does not preserve which figure belongs to which statement:
- have an ongoing, consistent risk-management program.
- focus only on compliance mandates like HIPAA. [3]
- believe their organization has employees that can "identify and resolve data breaches involving the unauthorized access, loss or theft of patient data." [1]

The good news is that the adoption of risk-based frameworks, such as the NIST Cybersecurity Framework, is increasing, with a 61% adoption rate among healthcare organizations. [3] But what needs to change is the potentially dangerous focus on merely checking the HIPAA compliance box.

Healthcare organizations need to move beyond mere HIPAA compliance and cultivate risk-aware employees who recognize privacy and security risks.

If you're a healthcare organization, it's time to move beyond mere HIPAA compliance training.

Bottom line: employees are the last safeguard against data breaches, fines, and reputational damage. This means a well-thought-out and expertly sourced approach to employee awareness education should be a top priority.

88% of all employees lack the basic awareness to stop preventable privacy or security incidents. [2] How does your awareness of best practices measure up?

SOURCES

1. 2016 Benchmark Study on Privacy & Security of Healthcare Data, Ponemon Institute
2. 2016 State of Privacy and Security Awareness, MediaPro
3. 2016 HIMSS Analytics HIT Security and Risk Management Study