data securityAccording to a new study, most small healthcare facilities are not doing enough to protect patient data. A survey conducted by CSID, a provider of global identity protection and fraud detection technologies, was implement to see what plans small healthcare facilities have in place to protect patient data.


The survey found that most small facilities (85 percent) believe they have systems in place that adequately mitigate risk for a data breach. However, that doesn’t jibe with the facts: healthcare breaches are rising. Here are some other important findings:

  • One third of healthcare facilities are spending less than 10 percent of their IT budget on patient data protection.
  • Just 16.7 percent of the facilities are concerned about losing patient data in the event of a data breach, even though most of them are not prepared for a breach should one occur. Only 28.6 percent have a crisis plan in place if there was a breach.
  • Half of the facilities’ employees who have access to electronic health records also have access to personal email at work, which makes it more possible for patient data to leave the facility.
  • Eighty-one percent of healthcare facilities require strong passwords to access systems that host sensitive data, but only a third of them use multi-factor authentication. Also, only 25 percent of them audit and vet vendors who access their patient data.

“With the rise of electronic medical records, one weak link can be devastating for the whole system. This survey shows that smaller healthcare facilities may not have adequate resources or know-how to protect patient data, potentially putting these entities and their patrons at risk,” said Joe Ross, president and co-founder of CSID. “It is going to be increasingly important for all healthcare facilities to proactively protect against medical data theft by implementing stronger security protocols and having a breach plan in place. Our goal here is to help them do this.”