Healthcare reform is hot these days, but many firms don't have response plans to deal with security breaches and a designated chief security officer is not in place, according to the 2009 Security Survey from the Healthcare Information and Management Systems Society (HIMSS).

The survey found that three quarters of organizations that conduct formal risk assessments found patient data at risk due to inadequate security controls, policies and processes. These findings are hardly a surprise but it increases the urgency for private companies to do something about this security issue before their systems are hacked and data is stolen.

"One-third of respondents reported that their organization has had at least one known case of medical identity theft at their organization. Only a handful of these organizations, however, have experienced direct consequences from the breach," HIMSS said.

Some of the survey's findings were alarming. Healthcare organizations aren't using current security technologies. Respondents widely use logs from firewalls, applications and servers as information sources, yet only 25 percent of respondents reported electronic analysis of the data. Only two-thirds or respondents used encryption, and half encrypt stored data.

These organizations share their patient data electronically, mostly with state governments, and that raises an even greater question about the safety and security of the information. E-mail encryption and single sign-on were the security technologies not currently available that were most likely to be installed in the future, according to the survey.

For more on e-health and security:
- check out this InformationWeek.com article

Related Articles:
Obama's e-health plan faces obstacles
Are electronic medical records really a panacea?
Obama's electronic medical requirements are within reach
Could Obama's electronic medical records plan help ECM?
Bad diagnosis for e-medical records