Cybersecurity, privacy and security topped a list of priorities for healthcare workers and vendor organizations according to the 2019 HIMSS U.S. Leadership and Workforce Survey report, which surveyed the perspectives of health information and technology leaders on a number of topics influencing the healthcare sector.
Asked to rate their priorities on a scale of 1 (not a priority) to 7 (an essential priority), vendor groups rated cybersecurity, privacy and security at 5.38, while providers rated this at 5.69.This was followed by improving quality outcomes through health information and technology, which was rated 5.35 and 5.23 by vendors and providers, respectively.
“The market congruence reflected in the dominance of these two issues is a positive development. With vendors and providers pulling in the same direction on key issues, market leaders should be empowered to leverage the synergies from the shared effort to encourage significant change in these topic areas,” the report says.
The report said the fact that providers, particularly hospital respondents, responded so “passionately to this priority suggests a growing number of provider organizations
realize the need to protect existing business practices before aggressively pursuing other information and technology issues. If true, then there are potential downstream implications for the market as other information and technology priorities considered in this study may be put on hold or slow walked until the security concerns of organizations are settled.”
The report also noted that there was an increase in the number of executives whose role involved security, an indication of the seriousness with which cybersecurity, privacy and security are taken within organizations.
In breaking down the report, Healthcare Dive said among hospitals that employ IT executives, the most common types are chief information officer (84 percent) and senior clinical IT leader (68 percent). The website noted that the number of hospitals reporting a senior information security officer is growing fast — up 14 percent in the past year to 56 percent.
The HIMSS report pointed out that information and technology leadership in hospitals tended to be concentrated into two types of executives — chief information security officers (CIOs) and senior clinical IT leaders — with information security leaders emerging as a third notable member of the leadership team.
This led to a cause for concern, with Lorren Pettit, a vice president at HIMSS, cautioning that: “The emergence of a third leader overseeing a hospital’s information and technology efforts is bound to result in internal tensions as competing interests and overlapping jurisdictions present themselves. These challenges have the potential to stymy a hospital’s progression if hospital leaders are not careful to manage these hurdles effectively.”
The report’s findings were based on a survey of 269 health information and technology leaders, 232 from healthcare provider organizations and the remainder from health IT vendor or consulting organizations. The respondents were surveyed between late November 2018 and early January this year.
The survey consisted of two parallel questionnaires, based on the type of healthcare organization most closely reflecting the respondent’s employer: a provider survey for those employed by a healthcare provider organization and a health IT vendor or consultant (vendor) survey for those employed by such organizations. The report says respondents who did not meet the criteria of these two classifications were excluded from the survey.
Other priorities listed in the report include:
The elevation of cybersecurity, privacy and security to a priority is in keeping with recent trends in the healthcare sector. Late last year, a report by Kaspersky Lab said at least a third of healthcare workers in the U.S. and Canada said their companies had been targeted by cybercriminals and have been victim to ransomware more than once.
Another report by Protenus counted 503 separate incidents in 2018, affecting nearly 15.1 million patient records. Of those, 139 involved people working inside the organization and 45 of those had malicious intent, Healthcare Dive reported.
While there has been an increase in cybersecurity attacks, Kaspersky Lab warned that the healthcare industry in North America was not learning from previous mistakes and continued to suffer. But the report from HIMSS could be an indication that attitudes are beginning to change and cybersecurity is getting the attention it deserves.