Push to E-Health Records Takes Away from Compliance Efforts, Survey Says

Lora Bentley

Surveys conducted at this year's Health Information Management and Systems Society conference indicate respondents are increasingly concerned about security and compliance issues now that the government is stepping up enforcement of the Health Insurance Portability and Accountability Act (HIPAA).


Sixty-four percent of conference attendees said user access control and compliance issues top their lists, and a great majority of survey respondents (75 percent) admitted concern about facing a HIPAA audit. Sixty percent said the thought of such an audit drives their security and compliance efforts.


However, limited budgets create a crisis of priority as HIMSS attendees are pushed to deploy e-health record systems, according to The Tech Herald, which quotes Courion chief marketing officer Todd Chambers as follows:

The HIMSS research supports an interesting dichotomy we're seeing in the healthcare market today. With CIOs taking on increasing responsibility for risk management issues along with operations, security is being looked at more strategically by hospitals. But with limited budgets, it's a challenge to prioritize. With more hospitals relying on remote and non-employee workforces, combined with the use of mobile and virtualization technology, the IT environment is increasingly difficult to secure, and without the enforcement of proper policies and checks and balances, audits will become increasingly difficult to pass.

The kicker -- even though conference attendees gave HIPAA compliance a lot of lip service and C-level executives are taking more of a hands-on approach to risk management, survey results also indicated that security and compliance don't really become top priority until the organization experiences a data breach.

Add Comment      Leave a comment on this blog post
May 7, 2008 5:45 AM Keith Harrell Keith Harrell  says:
Protection of data is critical to your operations. In order to reduce the risk of loss of data, I would consider performing a SAS70 audit. This type of audit will audit the internal controls related to your business processes and the information technology controls. A CPA will provide an independent opinion of your operations on the effectiveness of controls. You may contact me for more information. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.