MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute
Blog Archives for November 2010
Poor Privacy Practice is Ailing Healthcare Industry
November 9, 2010, 6:05 am

It has been more than six years since the ChoicePoint data breach thrust the issue of privacy protection into the headlines. Since then, hundreds of information security failures have been disclosed, and the tools and techniques used to keep sensitive information safe have advanced at a healthy pace. Recent incidents in the healthcare industry, however, strongly suggest that best practices have not been universally adopted.

Looking deeper into this issue with our recent Benchmark Study on Patient Privacy and Data Security, sponsored by ID Experts, we learned something about the extent to which poor security practices are costing healthcare organizations. Here are some of our findings:

• Data breaches cost the healthcare industry $6 billion per year;
• Data breaches cost healthcare organizations an average of $1 million per year;
• Lack of staff and preparation (policies and processes) are blamed for most data breaches; and,
• The HITECH Act has not resulted in significant change to the industry’s approach to data protection.

Looking over some recent data breach incidents in healthcare, I see breakdowns in access governance, failure to encrypt, loss or theft of devices, and disposal of unshredded documents. These causes are not unique to the industry, but the magnitude of some events stands out and suggests to me that the industry is struggling with the challenges of migrating from a largely paper-based model to one that is being asked to migrate quickly to a networked, digital format.

As I told Andy Greenberg at Forbes, hospitals have had a tradition of lousy IT that relies on paper billing records and filing without serious privacy controls. Migrating to electronic health records can help to address information protection, but attempting to manage security and protect privacy in a digital world using paper processes is a nightmare.

ID Experts president Rick Kam believes patient trust is being sacrificed at the altar of profit margins. “It is clear that in healthcare organizations today, patient revenue trumps risk management,” Rick told me. “Everyone is chasing electronic health record stimulus dollars and there is no allocation or consideration for protecting patient data.”

The good news is that the healthcare industry doesn’t have to start from scratch, but can learn from the experience of the financial services and other consumer-facing industries. The sooner this happens, the better for everyone who is a consumer of healthcare services – and that is everyone.
