Room for improvement on security, HIMSS survey shows

Results from the 2011 HIMSS Security Survey show that three-quarters of all respondents reported conducting a risk assessment to evaluate the risks to patient data. However, one-quarter of organizations still do not conduct a security risk assessment, which is concerning. The study also found that those who conducted a risk assessment took action based on the results, using the information to determine security controls and identify gaps in existing controls. Other key findings include the maturity of the security environment, security budget, oversight of information security, employee/patient data access, audit logs, security in a networked environment, future use of security technologies, patient identity validation, and medical identity theft cases reported.