ONC Survey Reveals Government’s Vested Interest in HIT Security
A national telephone survey of more than 2,000 people conducted in 2012 by the Office of the National Coordinator for Health Information Technology (ONC) backs up the logical assumption that people who don’t trust security measures for electronic health records (EHRs) are much less likely to support electronic health information exchange (HIE) and much more likely to withold information from their health care provider.
The widespread adoption of HIE is a key goal of the ONC because of its potential to reduce waste in health care due to duplication of tests, procedures and services, as well as delays and mistakes in diagnosis due to missing information. The agency wants to build public support for both EHRs and HIE, and this effort would suffer if health care providers fail to adequeately protect patients’ electronic health and financial data.
According to the survey, 84 percent of those who answered the ONC’s questions believed that health care provicers have reasonable protections in place for EHRs. These people also were supportive of HIE and generally did not report having witheld information from their health care providers.
In contrast, among those who strongly disagreed that health care providers adequately protected EHR data, only 17 percent supported EHRs, only 29 percent supported HIE, and 33 percent had withheld information from a health care provider.
“The results underscore the importance of encouraging and enabling providers to better safeguard patients’ health information, in particular as it is stored and shared electronically,” the ONC’s report concluded.
Through the “meaningful use” requirements for receiving incentive payments to adopt EHR systems, the ONC has some leverage over providers and EHR system develpers. However, it has generally not used this leverage to dictate security requirements and leaft it up to providers and software developers to establish the best ways to protect patients’ sensitive personal data. Should providers fail in this duty, however, the survey provides evidence that consumer faith in the security of EHR systems is a government concern as well as a provider concern and could support greater government involvement.
The annual security survey by the Healthcare Information and Management Systems Society (HIMSS) released ahead of its annual meeting revealed that health information technology and security professionals consider the current health care security environment moderately mature. Most also said they either didn’t know how much of their IT budget was spent on securing patient data or reported that they spent 3 percent or less of their budget on securing patient data.