Talk about a lot to do. On one hand, healthcare execs have to weigh how Internet technology figures into an information strategy. On the other hand, there's an imminent federal mandate to standardize transactions and keep medical records private. Can one hand wash the other?
More than eight of 10 chief information officers think so. And of those who do, 14% say Internet technology will be central to their plan for playing by the rules of the Health Insurance Portability and Accountability Act of 1996.
However, a survey of CIOs conducted for Eye on Info by the College of Healthcare Information Management Executives also detected sizable misgivings about the security challenges of using Internet protocols in their plans. In written comments, some of the 141 survey respondents nixed using the Internet because of the security issue; others balanced such concerns against the reality that Internet technology is likely the future of information exchange.
Here's a sampling of opinion:
A bullish respondent wrote, "Since we feel that the Internet will be an integral part of our future strategy for info delivery, it will be an important component in our HIPAA strategy."
But another CIO had the opposite opinion: "I do not think that the Internet will play any kind of significant role in meeting our HIPAA compliance standards."
Some CIOs expressed misgivings such as, "At this point, I view Internet technology as part of the problem rather than part of the solution. Even though it is unrealistic to believe we don't have to deal with it, the unstructured and uncontrolled Internet technologies will be rolled out last after careful analysis and a lot of testing."
For others, inevitability trumped misgiving: "Security and privacy framework needs to be firmed up. . . . However, it is our assumption that the pace of technology improvement on the Internet over the next two years will enable some portions of HIPAA-compliant business to occur successfully within the context of the security and privacy framework of regulations."
But another CIO adamantly refused to go there: "The Internet as an environment is a dangerous component of any strategy due to the cost of security in that world."
A CIO, expressing a view shared by others, wrote, "We are still trying to understand what HIPAA really means and the impact it will have on our organization. With Y2K behind us, we are now trying to elevate our understanding of this requirement."