1. State the size of your organization according to total enterprise revenue.
 Response PercentResponse Total
  Under $.5 billion
26.5%9
  Between $.5 billion and $1.5 billion
47.1%16
  Over $1.5 billion
26.5%9
Total Respondents  34
(skipped this question)  1
2. Is your organization compliant with the HIPAA Security Rule?
 Response PercentResponse Total
  Yes
85.7%30
  No
14.3%5
Total Respondents  35
(skipped this question)  0
3. Did you perform a risk analysis?
 Response PercentResponse Total
  Yes
88.6%31
  No
11.4%4
Total Respondents  35
(skipped this question)  0
4. Which of these threats has proven to have the most significant impact to business and clinical processes? You may select more than one answer.
 Response PercentResponse Total
 Extended computer downtime
40%14
 Virus infection
25.7%9
 Human error/data entry error
42.9%15
 E-mail SPAM
37.1%13
 Data loss due to system or backup failure
20%7
 Internet hacker
5.7%2
 Password sharing/internal system misuse
62.9%22
 Physical Security breach
11.4%4
 Password stealing/social engineering
2.9%1
 Data or record mishandling
37.1%13
 Other (please specify)
5.7%2
Total Respondents  35
(skipped this question)  0
5. Who manages the systems and applications in your organization? You may select more than one answer.
 Response PercentResponse Total
 IT Services
94.3%33
 Vendor/ASP
28.6%10
 User/Department
45.7%16
 Other (please specify)
2.9%1
Total Respondents  35
(skipped this question)  0
6. Do managers periodically review reports of the access provided to the associates under their management?
 Response PercentResponse Total
  Yes
51.4%18
  No
48.6%17
Total Respondents  35
(skipped this question)  0
7. Have all employees been trained on the security management plan and do you believe they are aware of their responsibilities?
 Response PercentResponse Total
  Yes
62.9%22
  No
37.1%13
Total Respondents  35
(skipped this question)  0
8. List the systems your organization considers "criticial applications" for business recovery. You may select more than one answer.
 Response PercentResponse Total
 Clinical patient care/documentation/results
97.1%34
 Vital signs monitoring
65.7%23
 HR/payroll
60%21
 Patient billing/coding/medical records
82.9%29
 Administrative/office automation/productivity/tracking
8.6%3
 Scheduling/patient management
62.9%22
 Medical record imaging
60%21
 Department/business unit specific apps
22.9%8
 Purchasing/materials management/supply chain
31.4%11
 Physician portal
37.1%13
 Patient/consumer portal
8.6%3
 Other (please specify)
5.7%2
Total Respondents  35
(skipped this question)  0
9. Do you have email encryption fully implemented?
 Response PercentResponse Total
  Yes
37.1%13
  No
62.9%22
Total Respondents  35
(skipped this question)  0
10. Do all critical systems have virus protection?
 Response PercentResponse Total
  Yes
97.1%34
  No
2.9%1
Total Respondents  35
(skipped this question)  0
11. Do all critical systems have a Patch Mangement or Vulnerability Mananagement process?
 Response PercentResponse Total
  Yes
75.8%25
  No
24.2%8
Total Respondents  33
(skipped this question)  2
12. Do all critical systems have a Security Mannagement process, including audit logs?
 Response PercentResponse Total
  Yes
60%21
  No
40%14
Total Respondents  35
(skipped this question)  0
13. Do all critical systems have a systems monitoring process?
 Response PercentResponse Total
  Yes
71.4%25
  No
28.6%10
Total Respondents  35
(skipped this question)  0
14. Do all critical systems have a data backup methodology and backup media management process?
 Response PercentResponse Total
  Yes
97.1%34
  No
2.9%1
Total Respondents  35
(skipped this question)  0
15. Do all critical systems have a well documented and tested disaster recovery process and procedures?
 Response PercentResponse Total
  Yes
45.7%16
  No
54.3%19
Total Respondents  35
(skipped this question)  0
16. Do all critical systems have a user administration process, including access approval and control?
 Response PercentResponse Total
  Yes
91.4%32
  No
8.6%3
Total Respondents  35
(skipped this question)  0