Approximately 96 percent of health IT executives think it is important to have a uniform way for verifying the security of sensitive healthcare information, and 85 percent think it is time for the industry to come together and develop a comprehensive framework that can provide that uniformity, according to a survey commissioned by the Health Information Trust Alliance (HITRUST) and conducted by KRC Research.
The results also show that more than half of those surveyed are frustrated that there are no standardized practices for complying with HIPAA, according to HITRUST.
“The results of this survey confirm what we’ve known anecdotally for a long time,” said Daniel Nutkis, CEO of HITRUST. “That there is a substantial need for a common security framework that is created by industry, for industry, and is therefore better able to quickly adapt to changes in technology and business practices as well as to constantly changing threats.”
Minimizing the risk of information theft is the number one benefit that health IT executives think will result from adopting a common set of healthcare information standards and practices, and 77 percent believe a common set of standards and practices would make it easier to obtain necessary funding for information security from top management, Nutkis said.
Although 82 percent believe that a common security framework would help their companies’ efforts to secure electronic healthcare information, more than a third of health IT executives do not think there is enough cooperation yet to effectively implement a common set of information security standards, guidelines and practices.
Two-thirds of health IT executives agree that a major security breach is inevitable if action is not taken in the security arena and 74 percent have concerns that their business partners do not have sufficient information security measures in place.
“None of us wants to think that we’re the ‘weakest link’ in the healthcare information supply chain,” said Frank Grant, senior director, U.S. Healthcare, Cisco, which helped to fund the survey. “But, given the numerous different ways that companies store and exchange personal data, sensitive information is inevitably at a higher risk of being compromised, even if unintentionally. A standard framework will help to significantly mitigate that risk and provide healthcare executives with a guideline for more accurate self-assessment and third party accreditation.”
Additionally, the 150 respondents expressed concerns over what would happen if the federal government were to take a leadership role in the development of a common framework for securing sensitive healthcare information. These concerns included the government’s insulation from market forces and worries about the bottom line. Other concerns included the government’s late adoption of new technologies and its bad track record on securing data.
An executive summary and the full survey report are available at www.hitrustalliance.org.