Security Policies to Follow to Protect Patient Data


April 21st, 2014 - Andrey Ostashko

Perhaps the largest concern regarding the digitalization of patient information is data security. Made available through health information exchanges (HIEs) and databases, the information is left considerably more vulnerable. The Ponemon Institute is known for conducting research on the privacy and security of data, research meant to aid organizations in expanding their defensive initiatives. Its Fourth Annual Benchmark Study on Patient Privacy and Data Security, released on March 12th, 2014, surveyed healthcare networks, hospitals, and clinics.

The survey showed:

  • The number of organizations with more than five data breaches has decreased.
  • The cost of data breaches decreased by close to $400,000 as compared to the previous year.
  • 70% of organizations believe that insecure websites, databases, etc. are the reason that healthcare reform seems risky.
  • 33% of healthcare organizations are uninterested in joining HIEs due to the potential risk to patient information.
  • 75% of organizations consider employee negligence to be at the root of the problem.
  • There has been a 100% increase in attacks on healthcare information systems since 2010.

Organizations are primarily apprehensive about the insecure exchange of information across technologies. 90% of all healthcare organizations experienced at least one data breach in the last 2 years, and 35% reported more than 5 breaches. Although there has been a decrease in breaches from the previous year (45%), it is still an issue that must be addressed.

A 2013 article by Bill Kleyman on HealthITSecurity.com explains how following a few basic security policies can allay these concerns:

  1. Enforcing policies: Though many security policies are in place, they may not always be strongly enforced. Weak passwords or insecure USB ports can lead to data breaches.
  2. Physical security: Digital security isn’t the only concern. If someone were to steal a backup disk, a data breach has occurred. Though physical barriers may be expensive, their protection of patient data will be a good investment.
  3. Next-generation security: Technology such as firewalls and intrusion detection systems (IDS) could be key to minimizing data breaches.
  4. Locking down the endpoint: Data is no longer confined to desktop computers and laptops. Information can now be accessed through mobile devices such as cell phones and computers. Therefore, steps must be taken to ensure that these devices don’t increase security risks.

Author: Apoorva Anupindi

