OREM, Utah, Oct. 14, 2015 /PRNewswire/ -- A significant security disparity exists between healthcare C-suites and IT departments, according to the SecurityMetrics HIPAA Security Rule Report. A survey of C-level executives, risk officers, and IT managers revealed a 10-20% gap between what executives believe is happening with patient data security in the organization and the reality.
SecurityMetrics' HIPAA report was designed not only to help compliance, risk, and IT professionals understand the largest security risks in healthcare, but also to provide proof for those looking to increase HIPAA and security budgets in 2016.
"The healthcare industry is significantly less secure than executives think," said HIPAA Security Analyst Brand Barney. "But with more cyber attacks happening each day, it's becoming critical for health organizations to be HIPAA compliant."
The report reveals startling details about the status of healthcare security, from the viewpoint of both c-level executives and IT staff implementers.
A few key findings of the SecurityMetrics HIPAA Security Rule Report include:
- 80% of respondents believe their organization is fully HIPAA compliant, while most surveyed were missing key elements of compliance with the HIPAA Security Rule
- Only 63% of healthcare organizations encrypt PHI on work devices
- Only 76% of risk and compliance officers believe their organization would pass an HHS OCR audit
- A mere 60% of risk and compliance officers say the organization has created a HIPAA Risk Management Plan
The report also gives guidelines to remedy security issues, such as proper encryption, investing in vulnerability scanners, and implementing security policies. The report even outlines a security budget for organizations to use.
About SecurityMetrics (www.securitymetrics.com)
SecurityMetrics is a global leader in data security that enables businesses of all sizes to comply with government, healthcare, and financial mandates. Since its founding date, the company has tested over 1 million systems for data security and compliance. Among other services, SecurityMetrics offers HIPAA compliance services, penetration testing, security consulting, mobile device vulnerability scanning, payment data discovery, and incident response. Founded in October 2000, SecurityMetrics is a privately held corporation headquartered in Orem, Utah. For more information visit www.securitymetrics.com.