Elevated Heart Rates: EHR and IT Security
Many healthcare organizations are driving to implement electronic health records (EHRs) during 2011 in an effort to capture early-adoption incentive payments. Patients have a stake in this transition because as more information becomes digitized, new processes, technologies and policies will be required to protect their information. EHRs are not inherently less secure, but they do have different security requirements.
Click to Tweet: Elevated heart rates: Americans cite security as top concern with #EHR adoption according to new #CDW Healthcare study http://bit.ly/h6m7Hi
To view an in-depth analysis of the EHR and IT Security Report, please complete the information form at the link below.
CDW Healthcare surveyed 1,000 Americans to gain insight into patient perceptions of IT security in healthcare and patient requirements for the protection of their personal information and understand:
- Who patients trust to view and manage their personal information
- What patients consider to be their personal information and how they think EHRs will affect the privacy and security of that personal information
- How patients will likely respond to security breaches
- What steps healthcare organizations should take to prepare for the new information technology security requirements created by the transition to EHRs
- Patients hold doctors' offices directly responsible for patient data: 80% of respondents cite the doctors' offices in general or someone at the office as responsible for the protection of their personal data
- Patients trust their doctor's office: 83% of respondents trust doctors to use their data in their best interest and 67% trust physician practices to protect their data
- That said, patients have concerns about EHRs: 49% of respondents believe EHRs will have a negative effect on their personal information and health data
- Based upon data from the CDW's Physician Practice EHR Price Tag Report, some practices are not ready to protect electronic patient data: 30% do not use anti-virus software and 34% do not use firewalls
A 2010 CDW Healthcare national survey of 200 physician practices found that many practices are not prepared to handle electronic patient data securely. The survey revealed critical gaps in the IT security profile of the average physician practice:
Recommendations for a Healthy IT Security Lifestyle:
With the new era of EHRs comes a broad new set of requirements for physician practices, hospitals and health networks. These organizations must be prepared to protect vast new stores of information against theft, loss and misuse. To prepare, healthcare organizations should:
- Execute an IT Security Assessment: Many healthcare organizations do not know the current state of their IT security infrastructure. Fewer still know what constitutes an adequate profile. Healthcare organizations need to work with a trusted partner to secure a baseline understanding of what their security profile looks like today
- Start with the Basics: Notably, 30% of physician practices state that they do not use antivirus software and 34% do not use network firewalls. At the absolute minimum, healthcare organizations need to immediately implement steps to meet reasonable security standards
- Protect Your Investment: As healthcare organizations consider the transition to EHRs, they have the perfect opportunity to implement IT security practices tailored to their solution. This not only protects a sizable investment in technology, but also ensures that as patient data goes digital, security protections are already in place
- Start Now; Reassess Often: IT security is not a one-time fix. Though the EHR transition is a perfect time to initiate tighter IT security controls, all healthcare organizations need to consider their IT security profiles and should consider conducting an assessment at least once a year
Between January 24 and January 31, 2011, CDW Healthcare surveyed 1,000 adults in the United States about the security and privacy of their personal information.
All respondents have been to both a doctors’ office and a hospital/outpatient facility during the previous 18 months.
Age and gender distribution of the sample population matches that of the overall U.S. population.
All respondents have been to both a doctors’ office and a hospital/outpatient facility during the previous 18 months.
Age and gender distribution of the sample population matches that of the overall U.S. population.
