It has become a cliche in information security: Compliance is not security.
But there is still an unsettling amount of denial out there, based on a recent study from HIMSS Analytics and Kroll Advisory Solutions.
According to the 2012 “HIMSS Analytics Report: Security of Patient Data,” increasingly strict regulation and increased compliance from providers haven’t slowed an increase in breaches over the past six years.
Yet, respondents to the survey, which included CIOs, compliance officers and HIMs, expressed confidence that they are better prepared for attempted data theft — in spite of evidence to the contrary — because they are in better compliance with regulations like the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
This is the third of Kroll’s biannual survey of healthcare providers nationwide.
Along with numerous other security experts, Brian Lapidus, senior vice president for Kroll Advisory Solutions, says being in compliance with policy prescriptions is not the same as actually protecting personal health information (PHI).
The results of that are predictable. The number of organizations reporting breaches went from 13 percent in 2008 to 19 percent in 2010 to 27 percent in the past year. (Read More)