IS Decisions: 63% of US Healthcare Organizations Failing to Adequately Identify Individual User Access to Patient Data

Just 37% of healthcare employees are restricted from logging on to
multiple devices concurrently, while 30% do not even have a unique login

LONDON–(BUSINESS WIRE)–Concurrent logins, manual logoffs, password sharing and the lack of
unique logins are putting patient records at risk, new research has
revealed. A report by security software provider IS Decisions
found that despite HIPAA’s security rules on imposing restricted access to
electronic patient health information, 63% of healthcare staff are still
able to log on to different devices and workstations concurrently, 49% are
required to manually log off, and 30% do not have unique logins.

The report, ‘Healthcare: data access compliance’, highlights several
issues that directly affect the security of information within the
healthcare industry. Access to personal data can be life-dependent, but
there has to be a reliable access management procedure and system in
place. According to the report, 82% have access to patient data, which is
worrying considering 30% do not have unique logins for this access, making
proper user identification impossible. Surprisingly, just 37% are
restricted from concurrent access, a requirement given that attribution is
difficult when users can be logged in from multiple devices and locations.

Derek Brink, vice president and research fellow at Aberdeen Group, said:
“This guide is an excellent example of how to simplify compliance. It
describes a set of basic security practices for healthcare organisations
that will help safeguard sensitive patient data, and satisfy an array of
compliance requirements from the Health Insurance Portability and
Accountability Act (HIPAA).”

The report also details security training, for both on-boarding new
employees and those who have settled into their jobs. It showed that 29%
of healthcare professionals did not receive any security training when
they were employed and only 55% of existing employees received IT
security training.

The figures around access, logins and password sharing, as well as the IT
security training, show the need to, firstly, implement a good access
management system and, secondly, train staff to raise awareness and build

David Childers, fellow at Open Compliance & Ethics Group (OCEG), said:
“70% of data losses in healthcare are caused by human error. Both
Ponemon and Experian in their latest reports regarding data breach and
protection challenged healthcare organisations to ‘step up’ their
security posture. Not only did these studies cite the increase in breach
event activity but noted the likely rise in legal and regulatory
scrutiny that will come in 2016.”

Francois Amigorena, CEO of IS Decisions, commented, “Unlike an office
where employees have designated computers and workstations, doctors and
nurses are always on the go, moving from operating theatres to patient
rooms and so on. Healthcare organizations need to protect the patient’s
right to privacy while ensuring healthcare professionals get the
necessary access to provide the best treatment for their patients.

“Information of this critical and confidential nature should only be
accessible by authorized users and it really should not be a complicated
process. This can be easily achieved with the right combination of
implementing access control policies, applying user identity
verification and improving user activity auditing.”

Download ‘Healthcare: data access compliance’ for more information.


About IS Decisions

IS Decisions makes it easy to safeguard and secure your Microsoft
Windows and Active Directory infrastructure. With solutions for user
access control, file auditing, server and desktop reporting, and remote
installations, IS Decisions combines the powerful security today’s
business world mandates with the innovative simplicity the modern user
expects. Over 3,000 customers around the world rely on IS Decisions to
prevent security breaches; ensure compliance with major regulations,
such as SOX, FISMA and HIPAA; quickly respond to IT emergencies; and
gain time and cost-savings for IT.

IS Decisions is a Microsoft Silver Partner based in Biarritz, France.
Customers include American Express, BAE Systems, BMW, Computer Sciences
Corporation, FBI, Frito-Lay, GlaxoSmithKline, IBM, Lockheed Martin,
Mitsubishi, Oxford University, South Wales Police, TimeWarner, United
Nations Organization, US Department of Justice, US Department of
Veterans Affairs and US Navy Marine Corps.


For IS Decisions
Carolyn Devadawson / Sanjay Dove
+ 44 208 408 8000