CHICAGO – Healthcare organizations aren't prepared to meet privacy and security standards associated with the American Recovery and Reinvestment Act, according to a new survey.
The survey of 196 healthcare information technology and security professionals, conducted by the Healthcare Information and Management Systems Society and sponsored by Symantec Corp., a Mountain View, Calif.-based developer of security, storage and systems management solutions, indicated healthcare organizations aren't using available security technologies to keep patient data safe. Reasons given include stretched budgets and lack of a chief security officer (CSO) or chief information security officer (CISO).
Approximately 60 percent of respondents said their organization spends 3 percent or less of their organization's IT budget on information security. This is consistent to the level of spending identified in the 2008 HIMSS study. And fewer than half of the respondents said their organization has a formally designated CISO or CSO.