Skip to content Skip to navigation

Survey: Healthcare Organizations Lack Confidence in Secure Data Sharing

December 7, 2015
by Heather Landi
| Reprints

According to a new survey, the demand for access to health data is outpacing the ability of organizations to ensure patient privacy. A survey conducted by Privacy Analytics, a de-identification technology vendor, found that more than two out of three healthcare organizations lack complete confidence in their ability to share data without putting patients’ privacy at risk.

The survey, conducted in collaboration with the Electronic Health Information Laboratory, a group that conducts theoretical and applied research on the de-identification of health information, also indicated that despite organizations’ lack of confidence, data sharing activities continue to grow.

The survey, called The State of Data Sharing for Healthcare Analytics 2015-2016, polled 271 professionals with various levels of seniority in their organizations, from the C-suite level to managers and employees. One in three individuals surveyed identified as being responsible for privacy and compliance in their healthcare organization, and another 23 percent work in the IT department. Others surveyed identified themselves as researchers, clinicians, project managers, analyst and consultants.

More than half of the respondents of the survey said they plan to increase the volume of data stored or shared within 12 months and two-thirds currently release data for secondary use. And, secondary use of health data applies to protected health information (PHI) that is used for reasons other than direct patient care, such as data analysis, research, safety measurement, public health, payment or provider certification.

Health records are the leading type of data being stored or shared, followed by medical claims data, trial data, survey responses, membership/enrollment and device data.

The survey findings indicated that individuals lack familiarity with advanced methods of de-identifying data, and, as a result, these individuals release information that has been stripped of its usefulness or share data in a way that puts them at an unacceptably high risk of a breach, the survey authors reported.

And, most organizations use data sharing approaches that can result in unknown data privacy compliance and increased risk, as 75 percent of respondents reported that their organizations use approaches such as data-sharing agreements, data masking or Safe Harbor methodology.

According to the survey authors, these approaches do not adhere to globally accepted data sharing guidelines, including those from Health Information Trust Alliance (HITRUST), the Institute of Medicine (IOM), and the Council of Canadian Academies. Although Safe Harbor is recommended by regulators, it represents a minimum standard for de-identification that can leave data vulnerable to a breach.

While there is currently no universal standard for the de-identification of protected health information (PHI), efforts to create a framework are underway. HITRUST recently released a de-identification framework, which organizations can use when creating, accessing, storing or exchanging personal information.

The survey found that nearly half (48 percent) of respondents cited patient re-identification as a key challenge. Additional challenges include low staff knowledge on managing data safely, low staff knowledge of data sharing practices and tools, cost concerns and lack of organizational policies.




CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.