April 24, 2017
Results from a recent survey reveal that 68% of healthcare employees occasionally share confidential or regulated data. The online survey was commissioned by Dell Data Security among 2,608 professionals internationally that personally have access to and work with confidential, sensitive or regulated data and information at companies with more than 250 employees. It was conducted from February 24 to March 9, 2017. The companies included those in the financial, education, healthcare and federal government sectors.
In most cases, according to the report, the employees’ motives are not malicious – they are simply trying to do their jobs as efficiently and effectively as possible. Nearly three of every four employees say they would share sensitive, confidential or regulated company information under certain circumstances.
The most cited circumstances include: being directed to do so by management (43 percent); sharing with a person specifically authorized to receive it (37 percent); determining that the risk to their company is very low and the potential benefit high (23 percent); feeling it will help them do their job more effectively (22 percent); and feeling it will help the recipient do their job more effectively (13 percent).
The survey also shows that one in three employees will frequently open emails from unknown senders at work, potentially opening the door for spear phishing attacks in which a cybercriminal seeks unauthorized access to sensitive information from a specific organization or individual by posing as a trusted source.
The good news is that 65 percent feel it is their responsibility to protect confidential data, including educating themselves on possible risks and behaving in a way that protects their company. However, only 36 percent of employees feel very confident in their knowledge of how to protect sensitive company information.
Maybe it’s time to conduct a survey at your organization, or better yet, take steps to ensure 100% of your staff are confident in protecting sensitive information. Among the many HIPAA services PrivaPlan offers to healthcare entities, the HIPAA Security Reminder Videos are designed to be distributed to all staff on a periodic basis to prompt mindful awareness around ePHI, provide methods to identify risk and potential exposure of ePHI, and provide the best practices on how to protect and secure ePHI.
Contact our HIPAA experts today. We’re here to help. Reach us at firstname.lastname@example.org or call 877-218-7707.