The Web-based survey of 196 health care CIOs and others found that about 60% of respondents' organizations spend 3% or less of theirIT budget on information security. That level is similar to the results of the same survey a year ago.
Other findings of the survey, conducted by the Chicago-based Healthcare Information and Management Systems Society and sponsored by Symantec Corp., a Mountain View, Calif.-based data security technology vendor, include:
- Only half of respondents said their organization has a plan in place for responding to threats or incidents of a security breach.
- About half reported that their organization has a formally designated chief security officer.
- Some three-quarters said they have conducted a formal risk analysis, but only half of these conduct this assessment annually or more frequently.
- Right now, 67% use encryption to secure data in transmission and less than half encrypt stored data.
- E-mail encryption and single sign-on were the most frequently identified security technologies that organizations plan to install in the months ahead.
- One-third of respondents reported their organization has had at least one known case of medical identity theft. More information is available at himss.org.
This article can also be found at HealthDataManagement.com.
Joseph Goedert is news editor at Health Data Management.
Howard Anderson is the executive editor of Health Data Management magazine.