Suggested Content
- Community college training of HIT professionals questioned
- Veterans Affairs CIO Roger Baker on VLER progress
- Beacon Communities snag more money for IT
- Docs tell government panel EHR tales of woe
- CAQH, Edifecs launch platform for certifying CORE conformance
- University offers new way to measure HIE performance
- Grants target transition from hospital to home
- VA launches fourth data exchange pilot on NHIN
- HIPAA, HITECH at the heart of Virtual Conference session
WASHINGTON – A new survey shows that 96 percent of healthcare information technology executives think it is important to have a uniform way for verifying the security of sensitive healthcare information.
Eighty-five percent of those surveyed think the industry should be responsible for developing a comprehensive framework that can provide that uniformity.
The survey, the first of an annual series commissioned by the Health Information Trust Alliance (HITRUST) and conducted by KRC Research, interviewed 150 HIT executives by phone between January 28 and February 15.
More than half of those surveyed said they are frustrated that there are no standardized practices for complying with HIPAA.
"The results of this survey confirm what we have known anecdotally for a long time," said Daniel Nutkis, CEO of HITRUST. "There is a substantial need for a common security framework that is created by industry, for industry, and is therefore better able to quickly adapt to changes in technology and business practices as well as to constantly changing threats."
HIT executives say the biggest benefit in adopting a common set of healthcare information standards and practices is minimizing the risk of information theft.
And 77 percent believe a common set of standards and practices would make it easier to obtain necessary funding for information security from top management.
Although 82 percent believe that a common security framework would help their companies' efforts to secure electronic healthcare information, more than a third of HIT executives do not think there is enough cooperation yet to effectively implement a common set of information security standards, guidelines and practices.
Furthermore, two-thirds of HIT executives agree that a major security breach is inevitable if action is not taken in the security arena. For example, nearly half of the executives are very confident in the security of their own companies, yet 74 percent have concerns that their business partners do not have sufficient information security measures in place.
"None of us wants to think that we are the 'weakest link' in the healthcare information supply chain," said Frank Grant, senior director of U.S. Healthcare at Cisco, which helped to fund the survey. "But, given the numerous different ways that companies store and exchange personal data, sensitive information is inevitably at a higher risk of being compromised, even if unintentionally. A standard framework will help to significantly mitigate that risk and provide healthcare executives with a guideline for more accurate self-assessment and third party accreditation."
Additionally, respondents expressed concerns if the federal government were to take a leadership role in the development of a common framework for securing sensitive healthcare information. These concerns included the government's insulation from market forces and worries about the bottom line. Other concerns included the government's late adoption of new technologies and its bad track record on securing data.
