New Study Shows Employees Remain Top Threat to HIPAA-HITECH Compliance

According to the Ponemon Institute’s Fourth Annual Benchmark Study on Patient Privacy & Data Security, employee negligence is considered the biggest information security risk. 75% of organizations say employee negligence is their biggest worry, followed by use of public cloud services (41%), mobile device insecurity (40%) and cyber attackers (39%).

By investing in HIPAA-HITECH workforce training, you can transform a major vulnerability (unaware workers) into a valuable asset to help safeguard the PHI entrusted to you and protect your organization’s reputation.

These days, employees have even greater opportunities to put their organizations at risk. BYOD usage continues to rise. Despite the concerns about employee negligence and the use of insecure mobile devices, 88% of organizations permit employees and medical staff to use their own mobile devices (such as smart phones or tablets) to connect to their organization’s networks or enterprise systems (including email). The study shows that, similar to last year, more than half of organizations are not confident personally owned mobile devices are secure.

The most comprehensive, thoughtful and thorough HIPAA-HITECH compliance program can be derailed by the unintentional actions of a single employee who is not fully aware of their obligations and role in safeguarding PHI or simply not cognizant of the potential impact of their actions. Yet, too often companies don’t provide adequate training to workforce members who have daily access to PHI and ePHI.

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.