Industry Insight

Security Breaches, Data Loss, Unplanned Outages
Equal Big Costs

MeriTalk, a public-private partnership focused on improving the outcomes of health and government IT, has announced the results of its report “Rx: ITaaS + Trust.” HIT executives agree trusted IT solutions play a key role in enabling IT-as-a-service, an IT model that helps health care providers transform their extended IT infrastructure, improve service levels, deploy health care applications more quickly, and reduce costs. MeriTalk’s report quantifies the organizational cost associated with security breaches, data loss, and unplanned outages for health care providers—more than $1.6 billion a year—and provides insight into go-forward strategies.

Health information often is a target for malicious activity, and 61% of global health care organizations surveyed experienced a security-related incident in the form of a security breach, data loss, or unplanned downtime at least once in the past 12 months. Based on estimates from HIT executives in the EMC Global IT Trust Curve Survey, these incidents cost US hospitals an estimated $1.6 billion each year.

The MeriTalk study found that in the past 12 months, global health care organizations experienced the following:

• Security breaches: Nearly one in five (19%) experienced a security breach at a cost of $810,189 per incident. HIT executives said the most common causes for breaches include malware and viruses (58%), outsider attacks (42%), physical security—loss/theft of equipment (38%), and user error (35%).
• Data loss: Nearly one in three (28%) experienced data loss at a total cost of $807,571 per incident. Of those, 39% experienced five or more incidences of data loss. Common causes of data loss included hardware failure (51%), loss of power (49%), and loss of backup power (27%).
• Unplanned outages: Almost two in five (40%) experienced an unplanned outage at a cost of $432,000 per incident. On average, health care organizations lost 57 hours to unplanned downtime. The most common causes of outages included hardware failure (65%), loss of power (49%), software failure (31%), and data corruption (24%).

Providers acknowledged there is more work to be done to prevent such problems. Fewer than one in three respondents (27%) believed their organization was fully prepared to ensure continuous availability of electronic protected health information (PHI) during unplanned outages, disaster recovery, or emergency mode operations. And, once an emergency has passed, only 50% of respondents were confident in their organization’s ability to restore 100% of the data required by service level agreements. More than one-half (56%) would need eight hours or more to restore 100% of the data. The majority (82%) said their technology infrastructure was not fully prepared for a disaster recovery incident.

Recognizing the importance of trusted IT solutions, organizations planned to focus on encryption of PHI (55%), complying with the security risk analysis EMR meaningful use requirements (54%), and breach prevention and detection (44%).

Of the health care organizations that were not currently offering a particular IT capability as a service, one-half planned to do so within the next five years. Many were taking key steps to prepare, including the following:

• HIPAA security risk analysis as part of EMR meaningful use requirements (46%);
• single sign-on and authentication for Web-based applications and portals (44%);
• audit tools and log management (43%);
• encryption for PHI (42%);
• multifactor authentication for remote access for clinical staff accessing networks (including electronic PHI) off site (35%);
• security analytics to help with breach prevention (32%);
• centralized management and authenticated access to health information (31%); and
• data loss prevention to monitor the location and flow of sensitive data (29%).

— Source: MeriTalk

 

Samsung, UCSF Partner to Promote Digital Health

Samsung Electronics and the University of California, San Francisco (UCSF) recently announced a partnership to accelerate the validation and commercialization of promising new sensors, algorithms, and digital health technologies for preventive health solutions. The two organizations will jointly establish the UCSF-Samsung Digital Health Innovation Lab, a new space located in UCSF’s Mission Bay campus, where researchers and technologists will be able to develop and run trials to validate new mobile health technologies and accelerate the adoption of new preventive health solutions.

Advances in mobile health technologies such as wearable computing, health sensors, and cloud-based analytics promise to help people take control of their own health and to improve the quality of life for millions of people. However, without systematic, rigorous validation of these technologies, mobile health has struggled to gain widespread adoption by consumers and health care professionals. Samsung and UCSF aim to address this challenge by leveraging UCSF’s expertise in medicine and digital health and Samsung’s leadership in electronics and mobile technologies to rapidly develop new, effective technologies.

— Source: University of California, San Francisco

 

North Dakota Launches HIE

North Dakota Gov Jack Dalrymple recently joined state officials and members of the Health Information Technology Advisory Committee to officially roll out the North Dakota Health Information Network (NDHIN), a system created to share health information by connecting physicians’ EHR systems. Officials announced that a majority of North Dakota physicians, hospitals, public health units, and long term care facilities have health record systems that can connect with the statewide network, and that several providers already are sharing information via the NDHIN.

North Dakota is first among all states in sharing health records, according to Health and Human Services, with 83% of physicians utilizing EHR systems that can connect with the network. The national average is 48%.

This year, 100% of North Dakota hospitals have indicated they will go live with their EHR systems. In 2013, nearly one-half of the state’s long term care facilities reported an active EHR system, and an additional 33% indicated they would go live within two years. One-half of North Dakota’s public health units indicated they had or were in the process of implementing an EHR.

— Source: North Dakota Office of the Governor