
Healthcare Organizations Prioritizing Compliance Over Data Breach Prevention

A recent survey conducted by 451 Research on behalf of security firm Vormetric indicates 96% of IT managers expect their organizations to be attacked by cybercriminals.

The survey covered 1,100 IT managers, including over 100 working in healthcare organizations. One in five organizations has experienced a data breach in the past 12 months, while 63% of respondents said they have experienced a data breach in the past.

Even though the threat of a data breach is considerable, a majority of healthcare IT managers say their organizations are prioritizing compliance over data breach prevention. 61% of healthcare IT managers said compliance was their main priority, compared to just 40% who said it was data breach prevention. Other priorities were preventing reputation and brand damage and implementing security best practices, rated as the main priorities by 49% and 46% of respondents respectively.

More than Two Thirds of Respondents Said Achieving Compliance Was an Effective Way of Protecting Data

69% of healthcare IT managers said achieving compliance with EPCS, FDA CFR Title 21, HIPAA and PCI DSS was an extremely or very effective way to protect data and prevent breaches.


HIPAA requires healthcare organizations to implement administrative, physical, and technical safeguards to protect ePHI; however, the report explains that compliance is only one aspect of data security. 451 Research senior analyst Garrett Bekker pointed out that many HIPAA-compliant healthcare organizations have still experienced PHI breaches. Compliance with HIPAA is important and will go some way toward preventing breaches of sensitive data, but the legislation only sets minimum standards for data security.

It is not surprising that healthcare organizations are making compliance a priority, especially with the second round of compliance audits taking place this year. However, if data breaches are to be prevented, far greater cybersecurity protections need to be put in place.

When asked about the barriers that are preventing the adoption of better data security protections, 54% of respondents said the main problem was the complexity of the task. 38% of respondents said a lack of staff was preventing better protections from being put in place. The researchers point out that complexity was certainly a problem in the past, although modern data security solutions are easier to deploy and lack many of the maintenance problems that respondents are familiar with.

The report indicates that healthcare organizations are favoring investment in traditional defenses to protect data from attack and are implementing technologies to improve endpoint and network security defenses. Bekker points out that these technologies do little to protect data if the perimeter is breached and suggests that more should be done to protect data at rest.

49% of respondents said they have increased spending on network defenses, and 79% of respondents said network defenses were extremely or very effective at protecting data. Endpoint and mobile defenses were rated as very or extremely effective at protecting mobile devices from attack, but fewer than half of respondents said they were increasing spending on measures to protect data at rest.

The report indicates that 38% of healthcare organizations are planning to store data in IoT environments, although 37% said they were concerned about privacy violations occurring as a result of IoT environments, while 36% were concerned about protecting IoT data.

Healthcare organizations are increasingly using the cloud to store sensitive data, although there is considerable concern about data security. 74% of respondents said they were concerned about privileged user abuse at the cloud level, 72% were concerned about meeting compliance requirements related to cloud storage, and 69% were concerned about security breaches at the cloud user level.

In spite of security concerns, around half of respondents said they were planning to use SaaS environments (48%), while 53% were planning to use IaaS and PaaS resources in the next 12 months. 51% of respondents said they were planning on storing sensitive data in these environments.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
