- Cybersecurity, privacy and security continue to be top concerns in healthcare, with providers rating the triad 5.69 and vendors 5.38 on a seven-point scale, a new HIMSS survey shows.
- Improving quality outcomes through health IT is close behind, receiving 5.23 and 5.35 from providers and vendors, respectively.
- Close alignment of providers and vendors on security and quality bodes well for shared efforts to advance change in those areas, according to the 2019 HIMSS U.S. Leadership and Workforce Survey report.
Cyberattacks and data breaches are a growing problem in healthcare. A recent Protenus report tallied 503 separate incidents in 2018, affecting nearly 15.1 million patient records. Of those, 139 involved people working inside the organization and 45 of those had malicious intent.
Despite the threat, many healthcare organizations have been slow to make cybersecurity a priority. In a 2017 Black Book Market Research survey, just 15% of organizations reported having a chief information security officer and more than half said they don't perform routine risk assessments.
That could be changing.
According to the report, "Cybersecurity, Privacy, and Security" was one of the only "defensive" business strategies respondents were asked about. The high level of concern expressed by providers, especially hospitals, suggests they grasp the need to protect business practices. The finding "has potential downstream implications for the market as other information and technology priorities … may be put on hold or 'slow walked' until the security concerns of organizations are settled," according to the report.
Among hospitals that employ IT executives, the most common types are chief information officer (84%) and senior clinical IT leader (68%). Meanwhile, the number of hospitals reporting a senior information security officer is growing fast — up 14% in the past year to 56%.
"The emergence of a third leader overseeing a hospital's information and technology efforts is bound to result in internal tensions as competing interests and overlapping jurisdictions present themselves," HIMSS Vice President Lorren Pettit said in a statement.
The survey also points out the different priorities of hospitals and nonacute provider organizations. While nine in 10 hospitals said their organization has at least on IT leader, 53% of nonacute respondents said they had none.
Hospitals and nonacute care providers also have different experiences with their IT workforces, according to the report. Whereas hospital environments juggle myriad activities, nonacute providers have more constant workforce demands. That difference can help inform staffing strategies.
Overall, staffing continues to be a challenge for hospitals. Just 28% of hospital respondents reported being fully staffed, compared with 56% of nonacute providers. Vendors face even greater staffing challenges, with only 22% being fully staffed, but appear to be handling the challenge better than hospitals. For example, vendors had fewer IT projects on hold or scaled back, and cut back on use of staffing agencies (16% versus 33% a year ago).