Survey: Data breach prevention top of mind for IT decision makers

By Molly Merrill
10:55 AM

Preventing patient data breaches is cited as the number one priority for healthcare IT decision makers, but work remains for complying with security regulations, according to a national survey that examines IT trends in healthcare.

The 2010 Healthcare IT Survey, a poll of 600 decision-makers across hospitals in the U.S. and Canada, was conducted via Zoomerang, an online survey services provider, for Lexington, Mass.-based Imprivata, which develops enterprise authentication and access management solutions.

According to the survey, 80 percent of respondents say securing patient information from unauthorized access and data breaches is a top priority, and 76 percent claim breach of confidential information or unauthorized access to clinical applications as their greatest security concerns – so much so that 97 percent say that HIPAA and HITECH Act regulations are driving their organization's purchasing decisions. Seventy-four percent, meanwhile, say their organization will spend more on security in 2010 than it did in 2009.

Recently, Department of Health and Human Services Secretary Kathleen Sebelius announced tougher personal health information protection, as mandated under the HITECH Act, with a notice of proposed rulemaking designed to strengthen and expand enforcement of HIPAA.

The rule was published in the July 14 issue of the Federal Register, with public comments due by Sept. 13.

While the HITECH Act is a major concern for survey respondents, 38 percent still report they cannot track inappropriate access in accordance with the regulations. And 47 percent are not sure if their organization is subject to state requirements mandating strong authentication for identity verification at the point of electronic prescription drug order placement.

Challenges cited by respondents for complying with the HITECH Act included employee education (46 percent), costly updates (43 percent) and meeting deadlines (37 percent). Nineteen percent of respondents said they themselves do no understand the HITECH Act.

"More than one year after its passage, hospitals continue to be deeply concerned about their ability to meet deadlines imposed on them by the HITECH Act," says Barry P. Chaiken, MD, CMO at Imprivata. "Organizations fear security breaches and unauthorized access to patient records, while trying to manage clinical transformation through the deployment of EMR systems to achieve improved care delivery and cost savings.

According to the survey, passwords remain the most popular form of application access security, with 83 percent of respondents using them. However, 90 percent of respondents reported that passwords and time to access patient data have a negative impact on physician satisfaction.

The results of survey demonstrate that hospitals are struggling to balance the need for greater security with the established workflow of physicians and staff. It is imperative that hospitals secure user access without re-engineering established clinician workflows, say survey officials.

Access the full report here.