HIMSS Survey: Hospitals Putting Patient Data at Risk

According to survey results published last week during HIMSS14, inconsistent data backup and archiving practices at hospitals are “putting data and organizations at risk and unnecessarily straining IT storage budgets.”   

The study, conducted by HIMSS Analytics and sponsored by Boston-based storage services company Iron Mountain, was based on a survey of 150 senior-level technology professionals at hospitals across the nation. The survey assessed how hospitals protect data from potential loss or disaster, as well as archive it to meet long-term compliance requirements. Among the findings of the survey:

* Only half of respondents have a data archiving strategy in place

* Thirty-one percent don’t currently have disaster recovery and business continuity plans in place

* Forty-two percent of respondents don’t have a documented data retention policy that specifies how long to keep backup and archival data and when to destroy it

* A majority of hospitals said they classify an average of 75 percent of their clinical data as “active,” meaning they store it onsite for immediate access

“If you look at this survey, you’ll conclude that most hospitals continue to treat all data the same and don’t sufficiently tier it based on its importance and access requirements,” said Michael Leonard, director of product management, Healthcare IT Services for Iron Mountain, in a written statement. “Data vital to the business and near-term clinical operations should be backed up to remote data centers, allowing for fast access and protecting the data from extreme weather events or other disasters that could wipe out onsite servers. Less active data being kept for compliance reasons or future research needs doesn’t require the same level of access and can be stored on offline media.”

The company recommended that hospitals establish clear policies defining what data should be stored where and why, as well as policies that account for disaster or data loss. To stay ahead of growing volumes of health care data, they also advocated that hospitals consider automation and outsourcing.

“By 2015, most hospitals are expected to have undergone a massive, data- and reform-driven transformation,” added Lorren Pettit, vice president, market research, HIMSS Analytics. “Between the conversion to ICD-10 for better coding, meeting meaningful use milestones for data sharing at the point-of-care, and the continued influx of EMR/EHR systems, hospitals will have created an exponential proliferation of data volume. As this survey shows, all that data is generating problems that senior healthcare IT executives are not currently considering, making the need to develop a successful strategy to manage and protect that data essential.”

For reprint and licensing requests for this article, click here.