While misuse of paper records, including their "improper destruction," was blamed over 40% of the time, the survey did show that computer-based security issues are multiplying fast, with the source of data attributed to actions or loss related to a laptop or handheld device about 22% of the time, up from 11% in 2010. Problems with data breaches related to third-party vendors storing healthcare data is also growing, reported this year at 10%, up from 6% in 2010. In contrast, network breaches attributed to outside attacks was about 3%.

The report says 31% of respondents indicated that information available on a portable device was among the factors most likely to contribute to the risk of a breach, up from 20% that said that in 2010 and 4% in 2008. Twenty-two percent of the respondents reporting a breach said the data was compromised when a laptop, handheld device or computer hard drive was lost or stolen, which is double the number who said this in 2010.

The report says the vast majority of healthcare institutions conduct formal risk analysis, relying mainly on federal guidelines such as CMS Meaningful Use and the National Institute of Standards and Technology. The goal is to comply with the mandates of the , which includes funding for healthcare records, and the HITECH Act, which contains penalties for security lapses related to misuse of .

The report says almost all the survey's respondents had taken steps to prepare their hospitals and medical centers for a possible federally-run Four percent had been audited and 90% in this case indicated they'd try to prepare better in the future. Two percent of all respondents said their organization had been fined as a result of a HIPAA violation.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.