Skip to main content
close search
site logo
Dive Brief

Health orgs aren't fully following IT safety advice, survey finds

Published Aug. 20, 2018
By
Les Masterson Contributor
Getty Images

First published on

Healthcare Dive

Dive Brief:

  • Healthcare systems aren't fully implementing voluntary Office for the National Coordinator for Health Information Technology (ONC) guidelines to protect e-health records, according to a new survey by researchers at the University of Texas Health Science Center at Houston.

  • The report, published in the Journal of the American Medical Informatics Association, found that health organizations have only fully implemented 18% of the recommendations.

  • Survey authors said to implement the recommendations, systems need to prioritize and fund them, make policy changes and get vendors involved. They also suggested new national policy initiatives to promote health systems to push organizations to follow the recommendations.

Dive Insight:

The low compliance rate shows that healthcare organizations have a long way to go to properly protect their patient information. That was already evident given the number of data breaches this year.

More than 200 breaches have been reported this year, including 10 affecting more than 100,000 people each. These cases included hacks, thefts, losses and unauthorized access, impacting providers, payers, business associates and government agencies.

Congress is aware of the problem, which goes beyond healthcare companies, and has introduced legislation to demand companies promptly report data breaches. The government would also hold executives criminally accountable.

Dean Sittig, the JAMIA study's lead author, and Hardeep Singh of Baylor College of Medicine, created the Safety Assurance for EHR Resilience (SAFER) guidelines in 2014. The guides were created to help healthcare organizations prioritize EHR safety and develop practices to protect information. It includes 140 recommendations in nine guides.

The study authors surveyed eight healthcare organizations in the U.S. and Australia to gauge progress. The survey was supported in part by the HHS Agency for Healthcare Research & Quality. The researchers found that companies only implemented 25 of 140 SAFER recommendations.

The systems were most likely to have implemented recommendations in three sections: safe health IT (82% compliance), using health IT safely (73%) and monitoring health IT (67%). The safe health IT domain includes recommendations about data and application configuration back up and hardware systems. It also suggests oversight of EHR downtime and reactivation policies.

Sittig and Singh suggested possible reasons health systems haven't implemented the recommendations include issues related to funding, personnel skills and organizational priorities.

Recommended Reading

Filed Under: Digital Health

Editors' picks

Company Announcements

View all | Post a press release
VADI Medical shows Next-Generation Respiratory Devices at MD&M West 2025
From VADI MEDICAL TECHNOLOGY
January 09, 2025
Joinsoon Electronics Shows Innovative Cable Solutions at MD&M West 2025
From Joinsoon Electronics Manufacturing (JEM)
January 13, 2025

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Digital Health
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.