Jason Stitt - Fotolia

Security the focal point of buying decision survey

Security, health data analytics, cloud and compliance are top of mind for those in charge of health IT buying decisions, a TechTarget survey finds.

Health data security, HIPAA compliance, analytics, business intelligence and big data, and cloud-based services -- these are the areas in which health IT executives plan most of their investment these days.

And it's not EHRs anymore that occupy the biggest mind share of those making the buying decisions at large medical centers, hospitals and ambulatory care providers.

TechTarget's survey of health IT professionals at 347 healthcare organizations was conducted in January and February in partnership with the College of Healthcare Information Management Executives and looked at buying intentions across a broad spectrum of provider and technology categories.

Consensus on security need

The key finding -- that security issues are paramount in health IT buying intentions -- came as little surprise to four independent sources interviewed by SearchHealthIT after being provided with the survey.

All four cited recent reports of high-profile data breaches involving millions of customer health data and financial records at two big insurers, Anthem Inc. and Premera Blue Cross, as evidence of a dramatic need for more serious security that goes beyond conventional firewalls and perimeter systems.

We have the data, but we need to derive insights from it, to connect the dots.
Shruthi Parakkalhealth IT analyst

"The emphasis on security reflects where the attention is and where the narrative is in healthcare right now," said Fernando Martinez, former CIO of Parkland Health and Hospital System in Dallas, now a consultant with the Texas Hospital Association. "To my absolute astonishment, there's still a huge number of organizations that don't [install modern security systems]."

The survey breaks down planned investments into 10 main areas. These are the top four areas, by percentage of respondents citing an area as a chief concern:

  • Security, 49.3%
  • Analytics, business intelligence and big data, 36.6%
  • Compliance, 36.3%
  • Cloud, 32%

EHR buying slows

By comparison, 27.4% cited EHR buying decisions, still a significant number but one that probably reflects a health IT landscape in which most providers have already made the switch to EHRs, said Shruthi Parakkal, a health IT industry analyst for market research firm Frost & Sullivan.

Parakkal said the strong interest in cloud services likely represents providers' pressing desires for cost containment as organizations' expenses rise and IT budgets stagnate while Medicare reimbursement, for example, is being reduced or pushed into value-based pipelines.

In many cases, cloud-based analytics, population health systems and even imaging storage are cheaper than maintaining and upgrading expensive hardware services on-site, even though most big healthcare systems and integrated delivery networks (IDNs) still favor enterprise-based networks, Parakkal noted.

"If you're using the cloud, you're eliminating that extra cost and also gaining efficiency. That's why providers are going to do it," Parakkal said. "Banking and other industries are very much into the cloud. Healthcare is just following suit."

Not everyone is as bullish about today's trend toward the cloud.

Martinez, the Texas health IT consultant, argues that for the largest healthcare systems, cloud technology is not mature, nor secure, enough yet for those providers to place their trust in it.

"While some clouds are better than others, there's more inherent risk in the cloud," Martinez said. "But it does make business sense, and more and more companies are going to do that and set up those cloud environments."

Analytics upswing

Meanwhile, the clear enthusiasm that the survey respondents displayed for analytics and its cousins, big data and business intelligence, also shows the maturation of health IT from EHRs, HIEs, and industry standards such as HL7 and ICD-10, to tools that mine all the data residing in providers' repositories to improve medical outcomes and lower costs, Frost & Sullivan's Parakkal said.

One of the most vibrant subsectors is using predictive analytics to integrate knowledge from big databases into evidence-based medicine and clinical decision support, she said.

"We have the data, but we need to derive insights from it, to connect the dots," she added.

As for security, even smaller hospitals are beefing up their ability to not only prepare for HIPAA and meaningful use audits, but also to add multiple layers of protection at workstations and around their data networks, according to Michael Archuleta, director of IT and HIPAA security officer at Mt. San Rafael Hospital, a critical access facility in Trinidad, Colo.

Meaningful use incentive recipients must perform HIPAA security assessments, and must pay back incentive monies if they're found to be in noncompliance.

Archuleta said his hospital has been looking at a single-sign-on authentication system from Imprivata Inc. -- a security vendor with many healthcare clients cited by some potential buyers in the survey -- that would provide individual authentication for all employees with access to protected health information.

At the same time, Archuleta said he is hoping to add more analytics and business intelligence tools from third-party vendors to Mt. San Rafael's EHR system from Medhost Inc.

"I'm talking about using it for clinical data improvements to revenue cycle management to overall system management," said Archuleta, who is also the small hospital's picture archiving and communication system administrator.

Mt. San Rafael's health IT professionals also plan to use analytics programs to help trigger ICD-10 when it is expected to take effect in October. The programs would identify the top 20 diagnosis codes, for example, and make sure doctors and coders are ready for them. Also, the tools will help him gain visibility into all sectors of his network from one dashboard instead of having to try to pinpoint security flashpoints in different nodes of the system, he said.

"The new security and business intelligence tools are just going to let us see more quickly and better the scope of the whole process so we have an overview of what is going on," he said.

The desired end result, Archuleta said, is to "improve patient care."

Security vendor says threat is real

Perhaps not surprisingly, David Ting, president and chief technology officer at Imprivata, and a familiar voice on the security panel and health IT circuit, said he wasn't surprised at all by the distinct emphasis on security in the TechTarget survey on buying decisions.

Security, Ting said, is "the next revolution."

"All these healthcare organizations are going to have to be much more wary of being targets. Everyone realizes that now," Ting said. "The big university hospitals and IDNs are being attacked all the time."

At risk is increasingly valuable data that thieves can use for insurance fraud, identity theft, and copying trade and process secrets.

Ting said outside forces -- not only cybercriminals but also foreign companies and governments -- routinely try to look into U.S. healthcare systems' data networks to see if they can learn their Internet Protocol processes and methodologies, including patient and clinical workflows.

Let us know what you think about the story and tell us about any buying decision you've made; email Shaun Sutner, news and features writer or contact @SSutner on Twitter.

Next Steps

Healthcare executives search for cooperative vendors during purchasing decisions

Nurses don't hold back in responses to EHR survey

Check if an EHR follows Health Level 7 protocol during a buying decision

Dig Deeper on Electronic health records security compliance