Negligent insiders a concern in healthcare IT


Negligent insiders are a primary concern for healthcare IT professionals, according to the inaugural SANS healthcare information security survey.

The survey polled some 373 healthcare IT professionals asking questions about their digital health initiatives, awareness and concerns over risk, and how they are (or are not) managing this risk.

The survey was carried out by the SANS Institute. Established in 1989, SANS is a cooperative research and education organization and a provider of security training and security certification.

The survey found that 65% of respondents were concerned about negligent insiders. Another major concern was lack of investment in user awareness (53% selected this option as among their top three concerns). When asked about the effectiveness of their controls, only 40% rate "workforce training and awareness" as effective, while nearly 30% consider it their least effective control.

Respondents are also concerned about the security of their electronic medical records/electronic health records, as well as personal health record (PHR) systems. PHRs can be "untethered" from the more regulated electronic health record systems and not subject to the same regulatory protection and control.

“While these respondents primarily represented the IT side of healthcare, their biggest driver for information security is regulatory compliance,” said survey author Barbara Filkins. “There was also a common theme on 'securing the human,' emphasizing a need for technical, clinical and compliance staff to work together for effective risk management and compliance.

“Despite these concerns, organizations are accepting the risks for the convenience of mobile and cloud technologies in delivering care to patients.”

