WO asked its readers about the safety of their stored patient data following recent American Medical Association (AMA) research that found that 83 percent of physicians said that their practices have experienced a cyberattack of some type.
The poll found that 19 percent of respondents said that they knew or suspected that their practice or office data had been hacked or breached, and 100 percent of those who were hacked shared that it was done by an external party.
The AMA reported that 81 percent of hacking-related breaches result from stolen and/or weak passwords. When WO asked if ODs had a policy in place for password protection, more than 50 percent said that they had different levels of access for different employees. More than 50 percent also had a policy in place to change passwords routinely. Thirty-eight percent said that they had password-protection but no additional safeguards. (Percentages equal greater than 100 percent as respondents were able to check all answers that applied.)
Most practices had policies that covered workstation access (92 percent), and 71 percent had a policy for laptops or cell phones used out of the office that had access to protected data. Fifty percent had a policy for thumbdrives containing protected data, and 50 percent had a plan for destruction of devices with data. (Percentages equal greater than 100 percent as respondents were able to check all answers that applied.)
This WO Pop-up Poll’s questions stem from an AMA webinar on security risk analysis from September 2017. Matt DiBlasi, president of Abyde, addressed the AMA presentation and HIPAA liability in a data breach.