And that's because too many board members don't have the right level of IT and security expertise, a new Black Book study suggests.

Health system boards don't do enough IT oversight, report shows

By Nathan Eddy
11:09 AM

The boards of directors at U.S. hospitals health systems and hospitals are seriously lacking when it comes to technology expertise, according to a Black Book Research survey of 308 C-Suite executives.

WHY IT MATTERS
Just 4% of survey respondents said they have direct technology experience relevant to the healthcare industry, and nearly eight in 10 said they don’t get enough feedback or actual data regarding the technology challenges their health system faces.

A whopping 88% said they had no knowledge of healthcare cybersecurity risks, with just 7% claiming they were “somewhat knowledgeable” of the risks.

The vast majority (92%) had no knowledge of IT lifecycle cost studies, 63% were oblivious to IT optimization strategies, and more than nine in 10 had no knowledge of artificial intelligence AI and machine learning.

Nearly a quarter (23%) of those surveyed said they were highly knowledgeable of IT return on investment (ROI) and bottom line impact, with just three% claiming no knowledge of that topic.

When it comes to preparedness as a collective governance group, no respondents said they were “very prepared” to handle a large scale breach or hack, switching or replacing an electronic health record (EHR) vendor with a new one, or the complete failure of such a system.

Just 5% of board members surveyed said they have a dedicated technology committee, and there is widespread belief that board members are not impartial during the vendor selection processes.

On the contrary, approved spending was influenced mainly by either another board member, corporate management or the vendor sales executives.

THE LARGER TREND
The survey results follow a number of recent studies indicating health systems are woefully unprepared and uneducated about the security and technology challenges and risks they face.

Moreover, confidence in the ability to meet these challenges is high, even though a severe lack of knowledge could lead to disastrous results in the wake of a major security incident.

A June report from Integris Software found that while 70% of respondents were “very” or “extremely confident” in knowing exactly where sensitive data resides, less than half update their inventory of personal data once a year or even less.

The survey also revealed more than half of respondents said they needed to access 50 or more data sources to get a clear picture of where their sensitive data resides.

ON THE RECORD
"Up until governmental EHR incentives, the alignment of technology with patient care, quality and financial success meant that IT prowess was needed only at the operational level,” Doug Brown, founder of Black Book Research, said in a statement.

He noted in 2019, health systems are facing the challenge of implementing technology supports external-facing functions like marketing, analytics, intelligence, and interoperability, as well as supporting board affairs including strategy, vision, strategic and accountability.

"Health systems boardrooms are definitely becoming smarter about digital technology but it is a slow work in progress," said Brown.

Nathan Eddy is a healthcare and technology freelancer based in Berlin.
Email the writer: nathaneddy@gmail.com
Twitter: @dropdeaded209