At the same time, a majority of responding healthcare organizations said they spend less than 3% of their overall IT budget on information security, according to a survey of 329 IT and security professionals from healthcare organizations conducted by HIMSS.
In addition, 14% of respondents reported that their organization had had at least one case of medical identity theft reported by a patient in the previous 12 months. Those working for corporate entities were more likely to report a breach, compared to those working at medical practices or hospitals, the survey found.
Approximately 82% of respondents reported that their organization shared patient data in an electronic format with external organizations. Data were most frequently shared with other facilities within their corporate entity, third-party service providers, and state government entities.
The survey found that healthcare organizations considering making a security purchase were most likely to identify data loss prevention, e-mail encryption, and single-sign on as potential future procurement.
Approximately half of respondents reported they have either a chief security officer/chief information security officer or full-time staff in place to handle their organizations’ security functions.