A small survey of IT professionals shows that many health care organizations still have a long way to go when it comes to data security. The survey was conducted as the industry faces new privacy and security requirements under the American Recovery and Reinvestment Act.

The Web-based survey of 196 health care CIOs and others found that about 60% of respondents' organizations spend 3% or less of their IT budget on information security. That level is similar to the results of the same survey a year ago.

Other findings of the survey, conducted by the Chicago-based Healthcare Information and Management Systems Society and sponsored by Symantec Corp., a Mountain View, Calif.-based data security technology vendor, include:

  • Only half of respondents said their organization has a plan in place for responding to threats or incidents of a security breach.
  • About half reported that their organization has a formally designated chief security officer.
  • Some three-quarters said they have conducted a formal risk analysis, but only half of these conduct this assessment annually or more frequently.
  • Right now, 67% use encryption to secure data in transmission and less than half encrypt stored data.
  • E-mail encryption and single sign-on were the most frequently identified security technologies that organizations plan to install in the months ahead.
  • One-third of respondents reported their organization has had at least one known case of medical identity theft.

More information is available at himss.org.

This article can also be found at HealthDataManagement.com.