HIPAA Patient Data Security Trends

See how you rank against other healthcare professionals and how they handle patient data security.

2020 HIPAA Patient Data Trends


How Is Healthcare Doing With Patient Data Security?

Over the past three years, we interviewed over 150 healthcare professionals responsible for HIPAA compliance (i.e., 61 professionals in 2019, 40 in 2018, and 56 in 2017) about how organizations protect their patient data. This infographic is an analysis of their collected responses.

2019 SUMMARY

  • 56% encrypt electronic patient data.
  • 78% delete or destroy patient data.
  • 26% require multi-factor authentication for remote access to patient data.
  • 76% have automatic timeouts/logouts enabled on all workstations.

Organizations encrypt stored electronic protected health information

Organizations need to properly encrypt stored ePHI (e.g., using AES-256 encryption).

2019 Data

  • No: 28%
  • Don't know: 16%
  • Yes: 56%

2018 Data

  • No: 20%
  • Don't know: 26%
  • Yes: 54%

2017 Data

  • No: 20%
  • Don't know: 2%
  • Yes: 78%

Organizations Destroy Sensitive Data

Organizations need to make sure to destroy sensitive data properly (e.g., shredding, degaussing, overwriting).

2019 Data

  • No: 13%
  • Don't know: 9%
  • Yes: 78%

2018 Data

  • No: 27%
  • Don't know: 15%
  • Yes: 58%

Organizations have automatic timeouts/logouts on workstations

All workstations need an automatic timeout/logout (i.e., a password-protected screensaver that activates after a period of inactivity).

2019 Data

  • No: 15%
  • Don't know: 9%
  • Yes: 76%

2018 Data

  • No: 20%
  • Don't know: 3%
  • Yes: 77%

2017 Data

  • No: 20%
  • Don't know: 2%
  • Yes: 78%

Organizations require multi-factor authentication for remote access to patient data

If you use remote access, make sure to implement adequate security, such as multi-factor authentication.

2019 Data

  • No: 60%
  • Don’t know: 14%
  • Yes: 26%

2018 Data

  • No: 21%
  • Don’t know: 33%
  • Yes: 46%

2017 Data

  • No: 40%
  • Don’t know: 34%
  • Yes: 26%

HIPAA TAKEAWAYS SINCE 2018

  • 40% increase in organizations that don’t encrypt electronic patient data.
  • 34% increase in organizations that destroy sensitive data.
  • 25% decrease in organizations that don’t have logouts/timeouts enabled on workstations.
  • 43% decrease in organizations that require multi-factor authentication for remote access.


2018 HIPAA Patient Data Trends

https://info.securitymetrics.com/hipaa-patient-data


2016 HIPAA Patient Data Trends

http://info.securitymetrics.com/l/47362/2016-06-29/3yrqr3
