New Study Reveals Push to Electronic Medical Records Puts Patient Privacy at Risk

70 Percent of Surveyed Hospital Security Professionals Say Senior Management
Fail to Prioritize Privacy and Data Security
SAN JOSE, Calif.--(Business Wire)--
LogLogic, the leader in log and security management solutions, and the Ponemon
Institute, a privacy and information management research firm, today announced
results of a national survey of healthcare IT security professionals that shows
patients may be surrendering their privacy as the $2.5 trillion medical industry
- prompted by federal stimulus funding - pushes to accelerate the pace of
digitizing health information records. 

According to the October 2009 Ponemon report, Electronic Health Information at
Risk: A Study of IT Practitioners, 80 percent of healthcare organizations
surveyed had experienced at least one incident of lost or stolen electronic
health information in the past year - four percent had more than five patient
data breaches. More than two-thirds of these healthcare organizations had
already digitized at least a quarter of their patient records and a third had
digitized more than half. 

Electronic medical records promise to improve patient quality of care and safety
- as well as reduce costs - but the study showed that IT practitioners don`t
believe they have management support to protect patient privacy as a priority.
According to survey respondents:

* 70 percent say senior management does not view privacy and data security as a
priority; 
* 53 percent say their organization fails to take appropriate steps to protect
the privacy rights of patients while less than half judge their existing
security measures as "effective or very effective"; and, 
* The average cost of a data breach, per patient record, exceeded $210 per
compromised record, creating an opportunity for organized computer crime rings
to traffic in stolen medical records*.

"The majority of IT practitioners in our study don`t believe that their
organizations have adequate resources to protect patients` sensitive or
confidential information," said Dr. Larry Ponemon, chairman and founder of The
Ponemon Institute. "The lack of resources and support from senior management is
putting electronic health information at risk." 

The study, sponsored by LogLogic and independently conducted by the Ponemon
Institute, surveyed 542 senior IT practitioners from healthcare organizations
with an average of more than 1,000 employees about how secure they believe
electronic patient medical records are. 

"Hospital security professionals today have a unique opportunity to be patient
privacy heroes," said Guy Churchward, CEO of LogLogic. "Healthcare reform is a
national priority, but we must ensure that patient data is protected." 

In addition to the Ponemon Institute study, LogLogic surveyed healthcare IT
security professionals about their role as the last line of defense in
protecting patient privacy to understand how they balance the benefits of
electronic medical records while also instituting practices and technology
solutions to guard patient confidentiality. 

In that customer telephone survey, LogLogic interviewed information security
professionals at seven large hospitals and medical groups representing more than
a quarter of a million healthcare professionals serving millions of patients in
the Northeast, North, South, Midwest and West of the United States. 

Survey respondents said that the new HIPAA rules, while not a perfect security
solution, are a good start in improving the protection of electronic patient
records. As the head of security of one of the West`s largest hospital groups
said, "In the final rules for HIPAA, if you have a breach you are by definition
not compliant - none of the wishy-washiness of the original rules. This merges
HIPAA privacy and security for the first time." 

The new Health Information Technology for Economic and Clinical Health Act
(HITECH) offers billions of dollars in federal assistance to encourage adoption
of electronic health record systems. It also expands the 1996 Health Insurance
Portability & Accountability Act (HIPAA) rules for data security and privacy
safeguards, including increased audits, enforcement and penalties. Among the
enforcement provisions are mandatory patient data breach notification
requirements. 

Highlights and a complete copy of the Ponemon Institute study and the LogLogic
healthcare customer survey may be found at
www.loglogic.com/resources/analyst-reports/ponemon-electronic-health-info-at-risk/

About LogLogic

LogLogic (www.loglogic.com) is the leader in log and security management
solutions. Supported by more than 200 partners and trusted by more than 1,000
customers worldwide, LogLogic solutions provide visibility and control to any IT
infrastructure so that organizations can significantly improve security,
compliance and network performance. LogLogic's open log management platform
enables customers to collect, search and store massive amounts of IT log data
from devices and applications for a comprehensive fingerprint of past and
current activity, through one convenient, easy-to-use web-based user console.
LogLogic`s business applications correlate user activities and event data in
real-time for a uniquely integrated approach to security event management,
database security management, security change management and compliance
management, resulting in improved accountability and lower costs for
organizations of all sizes. 

Check out LogLogic products at www.loglogic.com/logpower and follow LogLogic on
Twitter at www.twitter.com/loglogic. 

* The respondent`s self-reported estimated value of cost of a data breach on a
per-compromised record basis.

Page One PR, for LogLogic
Ray George, +1-415-321-2344 



Copyright Business Wire 2009