One-quarter of healthcare organizations do not conduct security risk assessments, according to the 2011 HIMSS Security Survey (pdf).
The assessment is a requirement for both HIPAA and the electronic health record meaningful use incentive programs.
The survey by the Healthcare Information & Management Systems Society includes responses from 329 IT and security professionals employed by hospitals and ambulatory care providers. The percentage of healthcare organizations conducting these assessments has remained stable at 75 percent across the four years HIMSS has issued the survey.
Meaningful use also requires organizations to correct deficiencies identified in the risk analysis. The survey found that more than 80 percent of the respondents who conduct a risk assessment use the assessment information to determine which security controls to implement.
Related Articles on Health IT Risk Assessments:
5 Steps to Minimize the Risk of Data Breaches
Key Compliance Considerations When Implementing EMRs
Ensuring Legal and Regulatory Compliance in 2011: Q&A With Compliance Experts Debbie Wheeler and Thomas Tammany