White Papers

HomeSecurity Practices and Regulatory Compliance in the Healthcare Industry

Security Practices and Regulatory Compliance in the Healthcare Industry

Topics: Risk Management

View Publication

Juhee Kwon, M. Eric Johnson

Journal of the American Medical Informatics Association, October 2012

Objective: Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance.

Design: We employed Ward’s cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance.

Measurement: We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security.

Results: Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices).

Conclusions: Hospitals in the highest level of compliance were significantly managing third parties’ breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption.
More ›

Related Content

Privacy in the Era of Big Data: A European Perspective on Balancing Business Growth and Consumer Protection
The Ethics of Artificial Intelligence with Amy Winecoff
The Push for Privacy: Who Will Lead Change?
Future of Authentication: Password-less Security

Trending Digital Business Topics

AI & Machine Learning Supply Chain Healthcare Products / Services Global Internet of Things Operations Marketing / Sales Communications Entrepreneurial Tech

Our Areas of Expertise