63% of U.S. Healthcare Organizations are Putting Patient Records at Risk


October 14, 2015, written by John H. Oldshue

The majority of healthcare organizations are not doing enough to protect patient privacy, according to a report by IS Decisions, a security software provider.

To secure patient records, a healthcare organization must ensure that each employee has a unique login so that an unauthorized user cannot access a patient’s records. However, the IS Decisions report shows this is not happening.

82% of healthcare employees have access to patient data, but 30% do not have unique logins, which means that multiple employees could use the same login data. When this happens, it is impossible to tell whether a user is accessing records that they should not.

Another 37% of employees are given concurrent access, which means they can log on to a number of different computers at one time. Again, this endangers patient data and violates the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA rules specifically state that healthcare providers must:

  1. Ensure the confidentiality, integrity and availability of all patient records that are received, maintained or transmitted.
  2. Protect against anticipated threats to security.
  3. Protect against impermissible use or disclosure of patient information.
  4. Make sure employees are following these guidelines.

While it is important for doctors and other healthcare providers to have critical patient information at their fingertips, patients must have their privacy respected and protected. These possible security breaches not only endanger patient financial information, they could also allow unauthorized users to know confidential details about patients’ health conditions.

There are a number of things healthcare organizations must do to comply with HIPAA. First, authorized users should be given unique login credentials and training on an access management system. Currently, 29% of healthcare professionals did not have security training when they were hired and only 55% of existing employees were trained.

“Healthcare organizations need to protect the patient’s right to privacy while ensuring healthcare professionals get the necessary access to provide the best treatment for their patients,” Francois Amigorena, CEO of IS Decisions, said in a statement. “Information of this critical and confidential nature should only be accessible by authorized users and it really should not be a complicated process. This can be easily achieved with the right combination of implementing access control policies, applying user identity verification and improving user activity auditing.”

The information contained within this article was accurate as of October 14, 2015. For up-to-date information on any of the terms, cards or offers mentioned above, visit the issuer's website.


About John H. Oldshue

John Oldshue is the creator of LowCards.com. He worked for over 15 years in television and won an Emmy award for his reporting. He covers credit card rate issues for LowCards.com.