‘Tis the season for surveys.  In particular, security surveys.

HIMSS has released its 5^th Annual HIMSS Security Survey, and it shows that, at least among survey respondents, spending on health IT security and privacy has remained relatively stable even as, according to the Ponemon Institute’s third annual "Benchmark Study on Patient Privacy and Data Security,” data breaches have risen.

But while spending may on average be stable, the survey suggests that security related activity among healthcare organizations is not.

For example, the report found that “the overall percent of an IT budget that is spent on information security has remained relatively unchanged in the past year.  While more than half of respondents indicated that their security budget increased in the past year, more than half are still spending three percent or less of their overall IT budget on securing patient data.  Similarly, at least half of the respondents reported spending three percent on IT security in the 2008 study.”

At the same time, though, the report also noted that “while the number of respondents conducting a formal risk analysis has remained constant at about three-quarters over the past five years, the frequency with which organizations are conducting a risk analysis has increased; about two-thirds of respondents now report that they conduct a risk analysis at least annually, compared to 54 percent reported by 2008 respondents.”

Other findings included:

·  Almost two-thirds of respondents (64 percent) reported that their organization conducted an audit of their IT security plan, while less than half (43 percent) reported that their organization tested their data breach response plan. 

·  While use of tools like firewalls and user access controls has remained widespread in the past several years, growth of tools such as biometric technologies and public key infrastructure has remained limited.

The full report can be found here.