Health information technology executives almost universally want a standard way to verify the security of sensitive health data, and many express mistrust of their external partners in maintaining that security, according to a new survey.
Some 96% of health IT executives said that they think it is important to come up with universal security data verification, and 85% said the industry needs to do more to collaborate to develop a comprehensive framework. Some 55% expressed frustration that standard practices are not yet in place to satisfy HIPAA requirements.
The telephone survey of 150 health IT executivesof whom more than half work at hospitals, health systems or long-term-care centerswas commissioned by the Health Information Trust Alliance, or HITrust, and conducted by KRC Research in late January and February.
Health IT leaders said that they were most worried about losing customers' trust if they were to experience a security breach or other mishandling of sensitive patient data.
Four in 10 of those surveyed said that the biggest benefit of a security framework would be minimizing exposure to information theft, and three in 10 said the greatest benefit would be more consumer confidence.
Putting a common framework into practice would "reduce the cost of healthcare while raising the level of trust in the healthcare industry, 63% of respondents agreed.
"The industry cannot survive going in various different directions," said Daniel Nutkis, chief executive officer of HITrust. "This really confirms our need to collaborate."
Meanwhile, 79% of respondents said that they are not very confident in the security maintained by their external partners, and 74% do not completely trust external partners to maintain security and privacy of sensitive health information. About half said that they have penalties built into their contracts with external vendors in the event of a security breach, the survey found.
Still, only 37% collaborate with external partners on security issues, and 27% conduct audits of partners' security practices, according to the survey.
"None of us want to think we are the 'weakest link' in the healthcare information supply chain," said Frank Grant, senior director of U.S. healthcare at Cisco Systems, in a written statement. Cisco helped fund the survey. "A standard framework will help to significantly mitigate that risk."
HITrust is on schedule to deliver a framework for collaboration by the end of 2008, Nutkis said.
What do you think? Write us with your comments at [email protected]. Please include your name, title and hometown.