SlideShare une entreprise Scribd logo

PA Data Sharing Survey 2016 POSTED.final

Dyan Tufts-Conrad @dyanconrad
Dyan Tufts-Conrad @dyanconrad
1  sur  16
Télécharger pour lire hors ligne
PRIVACY ANALYTICSNothing personal. THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015 - 2016: CHANGE, CHALLENGES AND CHOICE As demand for data sharing grows, healthcare organizations must move beyond data agreements and masking to achieve regulatory compliance
Healthcare organizations are experi- encing greater demand than ever to share data, both internally and exter- nally. Yet, despite the need for sophis- ticated methods, organizations are relying on rudimentary approaches to managing the privacy and security of their data, leaving them – and their patients – at risk. In order to begin addressing this gap, the industry must identify what challenges healthcare organizations face and what methods are used when sharing sensitive information. The following summarizes the key findings from The State of Data Sharing for Healthcare Analytics 2015-2016: Change, Challenges and Choice. The survey was launched earlier this year by Privacy Analytics, in collaboration with the Electronic Health Information Laboratory, a group that conducts theoretical and applied research on the de-identifica- tion of health information. The survey assessed the state of data sharing in healthcare and the challenges in disclosing data for secondary use. Secondary use of health data applies to protected health information (PHI) that is used for reasons other than direct patient care, such as data anal- ysis, research, safety measurement, public health, payment, provider certi- fication or marketing. Healthcare organizations lack matu- rity in how they currently utilize their data1, but data analytics in healthcare is taking hold. Investments made through the HITECH Act and other programs accelerated the adoption of technology, transforming health- care in recent years. Vast amounts of data are now captured in electronic medical records, medical monitoring tools and information portals. One outcome has been a flood of requests for this sensitive information, from internal groups that want to monitor clinical quality, external organiza- tions that aim to integrate data from various systems to gain a comprehen- sive view of patients and uncover new treatments. Moving beyond individual data silos to integrated data systems that support decision-making and innova- tive research holds great promise, but progress to implement this has been slow. While staff, from executives to front-line workers, see the potential of data analytics, most are unsure of how to reconcile the need for detailed and high-quality data with privacy regula- tions. Because many individuals lack familiarity with advanced methods of de-identifying data, they are releasing information that has been stripped of its usefulness or – even worse – sharing data in a way that puts them at an unacceptably high risk of a breach. INTRODUCTION 1
2 THERE IS A LACK OF TOTAL CONFIDENCE IN THE ABILITY TO PROTECT PRIVACY. More than two out of three lack complete confidence in their organization’s ability to share data without putting privacy at risk. FINDINGS AT A GLANCE THE DEMAND FOR DATA IS GROWING AS FAST AS THE AMOUNT OF DATA BEING COLLECTED. More than half of the respondents plan to increase the volume of data stored or shared within 12 months and two-thirds currently release data for secondary use. MOST ORGANIZATIONS USE APPROACHES THAT CAN RESULT IN HIGH RISK DATASETS. More than 75 percent of respondents said that their orga- nization uses one or more of the following: data-sharing agreements, data masking or Safe Harbor. HEALTHCARE ORGANIZATIONS ARE SLOWLY STARTING TO MONETIZE DATA ASSETS. One in six says they share data with other organizations for profit. INDIVIDUALS LACK FAMILIARITY WITH ADVANCED METHODS OF DE-IDENTIFYING DATA. As a result, they release information that has been stripped of its usefulness or share data in a way that puts them at an unacceptably high risk of a breach.
SURVEY PARTICIPANTS 3 RESPONDENT ROLES LEGAL 5% OTHER 42% IT 23% COMPLIANCE 16% PRIVACY 14% “Other” includes individual cross-appointed to more than one role, as well as those involved in management, research, clinical roles, finance, and marketing. RESPONDENT JOB ROLES A total of 271 individuals completed the online survey between July and September 2015. The respondents held various levels of seniority in their organization, from the C-level (33%) to managers (40%) and employees (28%). Approximately one in three individuals surveyed is responsible for privacy and compliance in their organization. Another 23% work in the IT depart- ment. Others identified themselves as researchers, clinicians, project managers, analysts and consultants. This diversity reflects the broad spec- trum of individuals involved in privacy decision-making. Respondents were mainly located in the U.S. (75%) and Canada (18%), with a small number of individuals located in Europe (4%), Asia (3%) and other regions.
4 The State of Data Sharing for Healthcare Analytics 2015-2016: Change, Challenges and Choice market survey reveals that, while healthcare organizations are seeing a surge in the demand to share data for secondary use, data analytics in healthcare is still immature. As a result, organizations can expect to feel mounting pressure to bring their data storage and sharing practices in line with emerging industry standards. HITRUST, the Institute of Medicine, PhUSE and the Canadian Council of Academies have all put forward guidelines that recommend the use of risk-based de-identification when disclosing PHI for secondary uses. The major findings of this survey reflect overall trends being seen in healthcare analytics. Results found here are consistent with those of surveys conducted by other reputable groups with interests in data secu- rity and privacy. One finding from the 2015-2016 survey revealed that more than two out of three respondents lack complete confidence in their organization’s ability to responsibly share data for secondary uses without putting individual privacy at risk. This is almost identical to a recent ISACA survey that found only 29% of privacy professionals are very confident in their enterprise’s ability to ensure the privacy of its sensitive data.2 To gain insight into healthcare orga- nizations’ need to protect patient privacy, the challenges faced, and the approaches currently being used, the survey presented questions in three sections: Basics of data sharing, Current uses of data, and Challenges. The main findings from each section are presented below. KEY FINDINGS
BASICS OF DATA SHARING Respondents see demand for their data coming from a variety of sources, both internal and external, and many already release data for secondary use. Internal uses of data include any data sharing within the organization that is not for providing care, such as quality assurance for products and fraud detection. External uses of data include any use of data by an outside organi- zation, such as for revenue or reporting purposes. While external data sharing occurs primarily with academic institu- tions for research and analysis, there is interest in greater sharing with other outside organizations, too. Nearly two-thirds (62%) of respon- dents indicated that their organization currently releases data for secondary use. A majority (56%) are also planning on increasing the volume of data they share in the next 12 months, regard- less of whether or not they already share data with others. Respondents who expressed an interest in de-identification said that it is primarily due to increased demand to share data externally (45%) and the desire to make use of sensitive data internally (41%). Other reasons include validation for compliance (26%), soft- ware testing (17%) and research (4%). The majority of respondents who already share data, either within their organization only or with another firm externally, are interested in sharing data externally in the future with academic institutions and researchers (46%). A large portion of respondents is interested in sharing data externally in the future with pharmaceutical companies (27%) and device manufac- turers (14%). Health records are the leading type of data being stored or shared (55%) by respondents, followed by medical claims data (44%), trial data (36%), membership enrollment (33%), survey responses (33%), and device data (23%). In summary, demand for data is on the rise, including for organizations that only use data internally. It is important for organizations using data for any type of secondary purpose, including internal uses such as quality assur- ance, to protect it. 5
Medical claim data Membership or enrollment data Device data Trial data Survey responses Health records 0 5 10 15 20 25 30 35 40 45 50 55 60 Percentage of respondents Research Compliance and validation Sharing data externally Using data internally Software testing 0 5 10 15 20 25 30 35 40 45 50 Percentage of respondents 6 INTEREST IN USING DE-IDENTIFICATION TYPES OF DATA BEING SHARED
Sharing for profit Sharing for primary analysis Sharing for secondary analysis 0 10 20 30 40 50 60 70 80 Percentage of respondents CURRENT USES OF DATA Survey respondents indicated that they anticipate the demand for data to grow in the foreseeable future, with a few already starting to monetize their data. Those who have started monetizing data are slightly more inclined to use Safe Harbor de-identifi- cation strategies, but most are relying on data sharing agreements and masking techniques only. While Safe Harbor substantially reduces the risk of re-identification, it does not provide the same level of rigor as risk-based de-identification, putting organizations at an unnecessarily high risk of a data breach. While data are often being used for secondary analysis such as research or fraud detection (60%), the largest use is for primary analysis, including quality assurance (72%). This finding is in line with a HealthLeaders Media survey conducted earlier this year showing the top analytic use of data to be improving clinical quality.3 The move towards monetizing data assets will be propelled by changes to hospital reimbursements. The shift to pay-for-performance models means Regardless of whether or not they currently share data, the majority of respondents foresee an increase in their data sharing practices within the next year. 7 CURRENT USES OF DATA
Masking non i ation or i ntifi ation Not sure/none hir part i ntifi ation Saf ar or i ntifi ation Data sharing agreements 0 5 10 15 20 25 30 35 40 45 50 Percentage of respondents that providers will likely see declining reimbursements in the near term. Health insurers will also feel the pinch, caught between health providers and their clients. As business fundamentals become more important, data analytics will give insights on ways to cut costs and improve efficiencies.4 But, expect these players to increasingly look to monetization of their data as a way to generate new revenues. The propor- tion of respondents that have begun monetizing their data assets (19%) is in line with research from Gartner that reported 30 percent of U.S. businesses will monetize their information assets by 2016.5 When it comes to data management practices, two-thirds of respondents are managing the majority of their data sharing practices in-house. When asked to identify their current data manage- ment practices, more than 75 percent of respondents said that their organiza- tion uses one or more approaches that could result in unknown data privacy compliance and risk, such as data- sharing agreements (50%) and data masking (31%). The use of Safe Harbor methodology is also on the rise (28%). Although Safe Harbor is recommended by regulators, it represents a minimum standard for de-identification that can leave data vulnerable to a breach. One in 13 respondents said their organiza- tion currently uses no data manage- ment practices. 8 DATA MANAGEMENT TECHNIQUES
to n r tan ri of r i ntifi ation oo fit into rr nt infra tr t r Granular high-quality data rtif ing o p ian oo i i p 0 1 2 3 4 5 6 7 8 9 10 Rated by importance (10 being the most important) Cost Low knowledge on sharing and software No concerns Lack of data use policy Low knowledge on managing data i ntifi ation on rn 0 5 10 15 20 25 30 35 40 45 50 Percentage of respondents 9 MOST IMPORTANT ELEMENTS OF A PRIVACY SOLUTION CURRENT CONCERNS IN DATA SHARING However, one in five respondents says that their organization has taken steps to reduce risk by using expert determination de-identification software or third-party de-identification. This type of de-identification represents the most stringent data protection available. These organizations are more likely to be handling health records (57%), medical claims data (51%) or trial data (51%), some of the most sensitive types of data being handled today. While this small subset of organi- zations that handle sensitive data understands the complexities around data sharing, many more are leaving themselves open to unnecessary levels of risk and noncompliance.
CHALLENGES Healthcare organizations are slowly beginning to unlock their data for secondary uses. Faced with requests for sensitive information, they must balance the demand for high-quality, granular data with requirements for privacy compliance. Unfortunately, two out of three respondents lack complete confidence in their organization’s ability to share data without putting individual privacy at risk. The demand for data, combined with the magnitude of PHI being collected in electronic medical records, medical monitoring apps and other healthcare networks, makes this a cause for concern. Healthcare is a heavily-regulated environment where failure to act with care not only puts patient privacy at risk but exposes the organization to legal, financial and reputational penalties if there is a breach. Confidence in protecting privacy is correlated to an organization’s data management practices. Respondents whose organizations use de-identifica- tion software or third-party de-identifi- cation services are more likely to have complete confidence in the ability to responsibly share data for secondary use. Nearly half (48%) of the respondents cited preventing patient re-identifica- tion as a key challenge when storing and sharing data, with concern greatest among those who already share their data. Additional chal- lenges include low staff knowledge on managing data safely (26%), low staff knowledge of data sharing practices and tools (25%), cost concerns (24%), 10 Respondents whose organiza- tions use de-identification soft- ware or services are more likely to have complete confidence in the ability to responsibly share data for secondary use.
11 and lack of organizational policies (23%). Combined, low staff knowledge issues were identified as a challenge by fully half (51%) of the respondents. This is consistent with other surveys that found “overcoming insufficient skills in analytics” to be the top tactical challenge to performing analytics.6 Knowledge gaps are a major concern and more education and training on de-identification and best practices in data management are needed at many organizations. When asked about privacy discussions within their own organizations and the benefits of data management solu- tions, reduced risk of privacy breaches and security were cited most often, followed closely by confidence in regulatory compliance. Subsequently, when asked about the importance of various privacy solutions, the most highly rated is the “Ability to certify that data is compliant”. This was found to be “Very Important” by more than 41% of the respondents. The ability to main- tain the granularity of data was also frequently identified (by 32%) as “Very Important”. Thus, it would appear that healthcare organizations are seeking ways to responsibly share high-quality data while ensuring that they meet regulatory compliance. In summary, respondents noted that their chief concern of protecting patients from re-identification is diffi- cult to solve given a lack of knowl- edge and a lack of policy to achieve compliance. “De-identification [allows us] to provide growth for our corporate culture of compliance.” -Anonymous survey respondent
12 The growing demand to share health data brings with it growing risks. The proliferation of PHI and subsequent requests for data is pushing the boundaries of compliance as orga- nizations try to satisfy demand. The response has been to err on the side of caution and keep data locked away. Unfortunately, most organizations still rely on rudimentary data manage- ment approaches, such as data sharing agreements and masking, that fail to fully comply with data protection laws and which fall far short of emerging standards that have universally recommended the need for risk-based de-identification when sharing data for secondary purposes. The number of organi- zations yet to embrace these more advanced approaches to data management is indicative of the slow pace of change in the industry, partic- ularly when it comes to information technology. Without a staff that is fully knowl- edgeable of the tools and techniques to share data safely, organizations will continue to lack confidence in their ability to protect privacy when disclosing data. This should spur orga- nizations to reduce their reliance on ad hoc practices and seek out education and expertise on better ways to respon- sibly share sensitive data. The results of the market survey are indicative of the gap between regula- tory requirements and the industry’s preparation to meet them, as was noted in a Deloitte Brief on privacy and security of protected health infor- mation.7 The HITECH Act introduced a requirement for periodic audits of covered entities and business asso- ciates to check compliance with HIPAA Privacy, Security and Breach Notification Rules. The importance of ongoing risk analysis will be a central feature of these audits. A pilot audit program conducted in 2013 showed that few healthcare organi- zations had appropriate controls in place and that the industry needed to significantly improve its security and privacy programs. With the perma- nent audit program about to come into existence,8 the clock has run out on organizations that have delayed the implementation of rigorous, risk-based privacy protocols and practices. Those who are in charge of storing and sharing PHI know that they must do so responsibly. The responses to this survey echo their struggles to prevent patient re-identification and meet regulatory compliance. Many organizations feel unprepared to responsibly store and share data for secondary purposes, and thus, are unable to advance analytics in their organization. Those organizations that have taken steps to improve their understanding of de-identification and follow emerging standards, like the Health Information Trust Alliance (HITRUST) and PhUSE guidelines, are in an advantageous position in the emerging field of healthcare analytics. They will benefit from the ability to broadly share data with small down- side risk and confidently monetize their data. CONCLUSION
13 Privacy Analytics sent a survey invitation to approximately 8500 professionals in their database who have responsibilities around PHI. Recipients work in a variety of settings, including hospitals and other healthcare providers, at healthcare payers, pharmaceutical and device manufacturers, research organizations and public agencies. Responses were collected from 339 professionals over a nine-week period from July to September 2015. Of those 271 individuals completed the survey, forming the dataset used in this report. The margin of error for the results is +/- 5.2%, at the edge of a 95-percent confidence interval. In order to gather responses anony- mously, the online survey software SurveyMonkey was used. A link to the survey was sent to recipients via email and was also posted to the Privacy Analytics website. Four out of five people who initiated the survey accessed it via the link in their email. METHODOLOGY
14 1 International Institute for Analytics and HIMSS Analytics. (2014, February 24). The State of Analytics Maturity for Healthcare Providers: The DELTATM Powered Analytics Assessment Benchmark Report. HIMSS Analytics. Retrieved from http://www.himssana- lytics.org/sites/default/files/DELTA%20Powered%20Suite%20FAQ_June2015_0.pdf 2 ISACA (2015). Keeping a Lock on Privacy: How Enterprises Are Managing Their Privacy Function. ISACA. Retrieved from http://www.isaca.org/Knowledge-Center/Research/Re- searchDeliverables/Pages/keeping-a-lock-on-privacy.aspx 3 HealthLeaders Media (2015, April). IT and the Analytics Advantage: Managing Data to Master Risk. HealthLeaders Media. Retrieved from http://healthleadersmedia.com/con- tent/TEC-315376/Intelligence-Report-Slideshow-IT-and-the-Analytics-Advantagemdash- Managing-Data-to-Master-Risk## 4 Prewitt, Edward (2012, June). HealthLeaders Media Breakthroughs: The Promise of Healthcare Analytics. HealthLeaders Media. Retrieved from http://healthleadersmedia. com/breakthroughs/281331/The-Promise-of-Healthcare-Analytics 5 Gartner (10 January, 2013). Gartner Predicts 30 Percent of Businesses Will Be Mone- tizing Their Information Assets Directly by 2016. Retrieved from http://www.gartner.com/ newsroom/id/2299315 6 HealthLeaders Media (2015, April). IT and the Analytics Advantage: Managing Data to Master Risk. HealthLeaders Media. Retrieved from http://healthleadersmedia.com/con- tent/TEC-315376/Intelligence-Report-Slideshow-IT-and-the-Analytics-Advantagemdash- Managing-Data-to-Master-Risk## 7 Deloitte Center for Health Solutions. (2014). Issue Brief: Update: Privacy and Security of Protected Health Information Omnibus Final Rule and stakeholder considerations. Deloitte LLP. Retrieved from http://www2.deloitte.com/content/dam/Deloitte/us/Docu- ments/life-sciences-health-care/us-lshc-privacy-and-security.pdf 8 Dvorak, Katie (2015, September 3). OCR picks vendor for second phase of HIPAA audit program. FierceHealthIT. Retrieved from http://www.fiercehealthit.com/story/ocr-picks- vendor-second-phase-hipaa-audit-program/2015-09-03 REFERENCES
PRIVACY ANALYTICSNothing personal. www.privacy-analytics.com

Recommandé

Third Annual Study on Patient Privacy
Third Annual Study on Patient PrivacyThird Annual Study on Patient Privacy
Third Annual Study on Patient Privacy- Mark - Fullbright
 
Fourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data SecurityFourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data Security- Mark - Fullbright
 
Fourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data SecurityFourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data Security- Mark - Fullbright
 
e-Marketing: An Approach to Overcoming Non-Financial Barriers to EHR Adoption
e-Marketing: An Approach to Overcoming Non-Financial Barriers to EHR Adoptione-Marketing: An Approach to Overcoming Non-Financial Barriers to EHR Adoption
e-Marketing: An Approach to Overcoming Non-Financial Barriers to EHR Adoptionkwittman
 
E Marketingposter
E MarketingposterE Marketingposter
E Marketingpostermboufaida
 
Opentext brings intelligence to Pharma and biotech
Opentext brings intelligence to Pharma and biotechOpentext brings intelligence to Pharma and biotech
Opentext brings intelligence to Pharma and biotechChristopher Wynder
 
Electronic Medical Record Implementation Roundtable White Paper
Electronic Medical Record Implementation Roundtable White PaperElectronic Medical Record Implementation Roundtable White Paper
Electronic Medical Record Implementation Roundtable White PaperDATAMARK
 
Healthcare in BI
Healthcare in BIHealthcare in BI
Healthcare in BIMichael Farris
 

Recommandé

Third Annual Study on Patient Privacy
Third Annual Study on Patient PrivacyThird Annual Study on Patient Privacy
Third Annual Study on Patient Privacy- Mark - Fullbright
 
Fourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data SecurityFourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data Security- Mark - Fullbright
 
Fourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data SecurityFourth Annual Benchmark Study on Patient Privacy & Data Security
Fourth Annual Benchmark Study on Patient Privacy & Data Security- Mark - Fullbright
 
e-Marketing: An Approach to Overcoming Non-Financial Barriers to EHR Adoption
e-Marketing: An Approach to Overcoming Non-Financial Barriers to EHR Adoptione-Marketing: An Approach to Overcoming Non-Financial Barriers to EHR Adoption
e-Marketing: An Approach to Overcoming Non-Financial Barriers to EHR Adoptionkwittman
 
E Marketingposter
E MarketingposterE Marketingposter
E Marketingpostermboufaida
 
Opentext brings intelligence to Pharma and biotech
Opentext brings intelligence to Pharma and biotechOpentext brings intelligence to Pharma and biotech
Opentext brings intelligence to Pharma and biotechChristopher Wynder
 
Electronic Medical Record Implementation Roundtable White Paper
Electronic Medical Record Implementation Roundtable White PaperElectronic Medical Record Implementation Roundtable White Paper
Electronic Medical Record Implementation Roundtable White PaperDATAMARK
 
Healthcare in BI
Healthcare in BIHealthcare in BI
Healthcare in BIMichael Farris
 
Connected Patient Report
Connected Patient ReportConnected Patient Report
Connected Patient ReportTrustRobin
 
Analytics_Wealth of Infomation
Analytics_Wealth of InfomationAnalytics_Wealth of Infomation
Analytics_Wealth of InfomationHeather Fraser
 
Data mining applications
Data mining applicationsData mining applications
Data mining applicationsFrancisco E. Figueroa-Nigaglioni
 
2010 internet use_trends
2010 internet use_trends2010 internet use_trends
2010 internet use_trendsÓscar Miranda
 
Disruptive Strategies for Removing Drug Discovery Bottlenecks
Disruptive Strategies for Removing Drug Discovery Bottlenecks Disruptive Strategies for Removing Drug Discovery Bottlenecks
Disruptive Strategies for Removing Drug Discovery Bottlenecks Sean Ekins
 
Disruptive Strategies for Removing Drug Discovery Bottlenecks
Disruptive Strategies for Removing Drug Discovery BottlenecksDisruptive Strategies for Removing Drug Discovery Bottlenecks
Disruptive Strategies for Removing Drug Discovery BottlenecksUS Environmental Protection Agency (EPA), Center for Computational Toxicology and Exposure
 
Data driven Healthcare for Providers
Data driven Healthcare for ProvidersData driven Healthcare for Providers
Data driven Healthcare for ProvidersAmit Mishra
 
Healthcare Interoperability and Standards
Healthcare Interoperability and StandardsHealthcare Interoperability and Standards
Healthcare Interoperability and StandardsArjei Balandra
 
HIPAA&predictiveanalytics
HIPAA&predictiveanalyticsHIPAA&predictiveanalytics
HIPAA&predictiveanalyticsdmcgraw418
 
Use of data analytics in health care
Use of data analytics in health careUse of data analytics in health care
Use of data analytics in health careAkanshabhushan
 
Using Big Data to Personalize the Healthcare Experience in Cancer, Genomics a...
Using Big Data to Personalize the Healthcare Experience in Cancer, Genomics a...Using Big Data to Personalize the Healthcare Experience in Cancer, Genomics a...
Using Big Data to Personalize the Healthcare Experience in Cancer, Genomics a...DrBonnie360
 
Big Data in Healthcare -- What Does it Mean?
Big Data in Healthcare -- What Does it Mean?Big Data in Healthcare -- What Does it Mean?
Big Data in Healthcare -- What Does it Mean?M2SYS Technology
 
Accenture Digital Doctor
Accenture Digital DoctorAccenture Digital Doctor
Accenture Digital DoctorAref Jdey
 
J1803026569
J1803026569J1803026569
J1803026569IOSR Journals
 
pc15257_brochure original
pc15257_brochure originalpc15257_brochure original
pc15257_brochure originalDaria Binder
 
Draft AMCP 2006 Model Quality 4-4-06
Draft AMCP 2006 Model Quality 4-4-06Draft AMCP 2006 Model Quality 4-4-06
Draft AMCP 2006 Model Quality 4-4-06Joe Gricar, MS
 
The Learning Health System: Thinking and Acting Across Scales
The Learning Health System: Thinking and Acting Across ScalesThe Learning Health System: Thinking and Acting Across Scales
The Learning Health System: Thinking and Acting Across ScalesPhilip Payne
 
Health data mining
Health data miningHealth data mining
Health data miningsidra ali
 
United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...
United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...
United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...TechSci Research
 
Зачем iWAM HR -ру
Зачем iWAM HR -руЗачем iWAM HR -ру
Зачем iWAM HR -руYelena Shaulova
 
Media work
Media workMedia work
Media workFrancis Ireland
 
Indian Election_PowrePoint Presentation
Indian Election_PowrePoint PresentationIndian Election_PowrePoint Presentation
Indian Election_PowrePoint Presentationsarikrishna
 

Contenu connexe

Tendances

Connected Patient Report
Connected Patient ReportConnected Patient Report
Connected Patient ReportTrustRobin
 
Analytics_Wealth of Infomation
Analytics_Wealth of InfomationAnalytics_Wealth of Infomation
Analytics_Wealth of InfomationHeather Fraser
 
2010 internet use_trends
2010 internet use_trends2010 internet use_trends
2010 internet use_trendsÓscar Miranda
 
Disruptive Strategies for Removing Drug Discovery Bottlenecks
Disruptive Strategies for Removing Drug Discovery Bottlenecks Disruptive Strategies for Removing Drug Discovery Bottlenecks
Disruptive Strategies for Removing Drug Discovery Bottlenecks Sean Ekins
 
Data driven Healthcare for Providers
Data driven Healthcare for ProvidersData driven Healthcare for Providers
Data driven Healthcare for ProvidersAmit Mishra
 
Healthcare Interoperability and Standards
Healthcare Interoperability and StandardsHealthcare Interoperability and Standards
Healthcare Interoperability and StandardsArjei Balandra
 
HIPAA&predictiveanalytics
HIPAA&predictiveanalyticsHIPAA&predictiveanalytics
HIPAA&predictiveanalyticsdmcgraw418
 
Use of data analytics in health care
Use of data analytics in health careUse of data analytics in health care
Use of data analytics in health careAkanshabhushan
 
Using Big Data to Personalize the Healthcare Experience in Cancer, Genomics a...
Using Big Data to Personalize the Healthcare Experience in Cancer, Genomics a...Using Big Data to Personalize the Healthcare Experience in Cancer, Genomics a...
Using Big Data to Personalize the Healthcare Experience in Cancer, Genomics a...DrBonnie360
 
Big Data in Healthcare -- What Does it Mean?
Big Data in Healthcare -- What Does it Mean?Big Data in Healthcare -- What Does it Mean?
Big Data in Healthcare -- What Does it Mean?M2SYS Technology
 
Accenture Digital Doctor
Accenture Digital DoctorAccenture Digital Doctor
Accenture Digital DoctorAref Jdey
 
pc15257_brochure original
pc15257_brochure originalpc15257_brochure original
pc15257_brochure originalDaria Binder
 
Draft AMCP 2006 Model Quality 4-4-06
Draft AMCP 2006 Model Quality 4-4-06Draft AMCP 2006 Model Quality 4-4-06
Draft AMCP 2006 Model Quality 4-4-06Joe Gricar, MS
 
The Learning Health System: Thinking and Acting Across Scales
The Learning Health System: Thinking and Acting Across ScalesThe Learning Health System: Thinking and Acting Across Scales
The Learning Health System: Thinking and Acting Across ScalesPhilip Payne
 
Health data mining
Health data miningHealth data mining
Health data miningsidra ali
 
United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...
United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...
United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...TechSci Research
 

Tendances (19)

Connected Patient Report
Connected Patient ReportConnected Patient Report
Connected Patient Report
 
Analytics_Wealth of Infomation
Analytics_Wealth of InfomationAnalytics_Wealth of Infomation
Analytics_Wealth of Infomation
 
Data mining applications
Data mining applicationsData mining applications
Data mining applications
 
2010 internet use_trends
2010 internet use_trends2010 internet use_trends
2010 internet use_trends
 
Disruptive Strategies for Removing Drug Discovery Bottlenecks
Disruptive Strategies for Removing Drug Discovery Bottlenecks Disruptive Strategies for Removing Drug Discovery Bottlenecks
Disruptive Strategies for Removing Drug Discovery Bottlenecks
 
Disruptive Strategies for Removing Drug Discovery Bottlenecks
Disruptive Strategies for Removing Drug Discovery BottlenecksDisruptive Strategies for Removing Drug Discovery Bottlenecks
Disruptive Strategies for Removing Drug Discovery Bottlenecks
 
Data driven Healthcare for Providers
Data driven Healthcare for ProvidersData driven Healthcare for Providers
Data driven Healthcare for Providers
 
Healthcare Interoperability and Standards
Healthcare Interoperability and StandardsHealthcare Interoperability and Standards
Healthcare Interoperability and Standards
 
HIPAA&predictiveanalytics
HIPAA&predictiveanalyticsHIPAA&predictiveanalytics
HIPAA&predictiveanalytics
 
Use of data analytics in health care
Use of data analytics in health careUse of data analytics in health care
Use of data analytics in health care
 
Using Big Data to Personalize the Healthcare Experience in Cancer, Genomics a...
Using Big Data to Personalize the Healthcare Experience in Cancer, Genomics a...Using Big Data to Personalize the Healthcare Experience in Cancer, Genomics a...
Using Big Data to Personalize the Healthcare Experience in Cancer, Genomics a...
 
Big Data in Healthcare -- What Does it Mean?
Big Data in Healthcare -- What Does it Mean?Big Data in Healthcare -- What Does it Mean?
Big Data in Healthcare -- What Does it Mean?
 
Accenture Digital Doctor
Accenture Digital DoctorAccenture Digital Doctor
Accenture Digital Doctor
 
J1803026569
J1803026569J1803026569
J1803026569
 
pc15257_brochure original
pc15257_brochure originalpc15257_brochure original
pc15257_brochure original
 
Draft AMCP 2006 Model Quality 4-4-06
Draft AMCP 2006 Model Quality 4-4-06Draft AMCP 2006 Model Quality 4-4-06
Draft AMCP 2006 Model Quality 4-4-06
 
The Learning Health System: Thinking and Acting Across Scales
The Learning Health System: Thinking and Acting Across ScalesThe Learning Health System: Thinking and Acting Across Scales
The Learning Health System: Thinking and Acting Across Scales
 
Health data mining
Health data miningHealth data mining
Health data mining
 
United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...
United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...
United States Diagnostics Market Size, Share, Trend and Forecast 2026 | TechS...
 

En vedette

Зачем iWAM HR -ру
Зачем iWAM HR -руЗачем iWAM HR -ру
Зачем iWAM HR -руYelena Shaulova
 
Indian Election_PowrePoint Presentation
Indian Election_PowrePoint PresentationIndian Election_PowrePoint Presentation
Indian Election_PowrePoint Presentationsarikrishna
 
Millath college of teacher education Assignment
Millath college of teacher education AssignmentMillath college of teacher education Assignment
Millath college of teacher education Assignmentsarikrishna
 
Innovative lesson plan
Innovative lesson planInnovative lesson plan
Innovative lesson plansarikrishna
 
By demons be driven(www.guitarforge.com)
By demons be driven(www.guitarforge.com)By demons be driven(www.guitarforge.com)
By demons be driven(www.guitarforge.com)tomleandro
 
[Kelompok 2] Excess-3
[Kelompok 2] Excess-3[Kelompok 2] Excess-3
[Kelompok 2] Excess-3Reikunz
 
13571853 panduan-penggunaan-skpm
13571853 panduan-penggunaan-skpm13571853 panduan-penggunaan-skpm
13571853 panduan-penggunaan-skpmLinggam Balasinggam
 
Bon Jovi New Jersey songbook
Bon Jovi New Jersey songbookBon Jovi New Jersey songbook
Bon Jovi New Jersey songbooktomleandro
 
Introducing Backblaze B2, the lowest cost cloud storage on the planet.
Introducing Backblaze B2, the lowest cost cloud storage on the planet.Introducing Backblaze B2, the lowest cost cloud storage on the planet.
Introducing Backblaze B2, the lowest cost cloud storage on the planet.Backblaze
 
Cистема управления карьерой
Cистема управления карьеройCистема управления карьерой
Cистема управления карьеройYelena Shaulova
 
Van hallen balance guitar songbook
Van hallen balance guitar songbookVan hallen balance guitar songbook
Van hallen balance guitar songbooktomleandro
 
Iron maiden somewhere in time - songbook
Iron maiden somewhere in time - songbookIron maiden somewhere in time - songbook
Iron maiden somewhere in time - songbooktomleandro
 
Desain program shifting dan reversing sinyal pada android device
Desain program shifting dan reversing sinyal pada android deviceDesain program shifting dan reversing sinyal pada android device
Desain program shifting dan reversing sinyal pada android deviceSella Serafina
 
Gadgets for Travellers
Gadgets for TravellersGadgets for Travellers
Gadgets for TravellersGaurav Sharma
 

En vedette (20)

Зачем iWAM HR -ру
Зачем iWAM HR -руЗачем iWAM HR -ру
Зачем iWAM HR -ру
 
Media work
Media workMedia work
Media work
 
Indian Election_PowrePoint Presentation
Indian Election_PowrePoint PresentationIndian Election_PowrePoint Presentation
Indian Election_PowrePoint Presentation
 
Media work part 2
Media work part 2Media work part 2
Media work part 2
 
Media work
Media workMedia work
Media work
 
Rosas
RosasRosas
Rosas
 
Millath college of teacher education Assignment
Millath college of teacher education AssignmentMillath college of teacher education Assignment
Millath college of teacher education Assignment
 
Innovative lesson plan
Innovative lesson planInnovative lesson plan
Innovative lesson plan
 
By demons be driven(www.guitarforge.com)
By demons be driven(www.guitarforge.com)By demons be driven(www.guitarforge.com)
By demons be driven(www.guitarforge.com)
 
[Kelompok 2] Excess-3
[Kelompok 2] Excess-3[Kelompok 2] Excess-3
[Kelompok 2] Excess-3
 
13571853 panduan-penggunaan-skpm
13571853 panduan-penggunaan-skpm13571853 panduan-penggunaan-skpm
13571853 panduan-penggunaan-skpm
 
Bon Jovi New Jersey songbook
Bon Jovi New Jersey songbookBon Jovi New Jersey songbook
Bon Jovi New Jersey songbook
 
Introducing Backblaze B2, the lowest cost cloud storage on the planet.
Introducing Backblaze B2, the lowest cost cloud storage on the planet.Introducing Backblaze B2, the lowest cost cloud storage on the planet.
Introducing Backblaze B2, the lowest cost cloud storage on the planet.
 
Cистема управления карьерой
Cистема управления карьеройCистема управления карьерой
Cистема управления карьерой
 
Auto parts
Auto partsAuto parts
Auto parts
 
Van hallen balance guitar songbook
Van hallen balance guitar songbookVan hallen balance guitar songbook
Van hallen balance guitar songbook
 
Iron maiden somewhere in time - songbook
Iron maiden somewhere in time - songbookIron maiden somewhere in time - songbook
Iron maiden somewhere in time - songbook
 
Desain program shifting dan reversing sinyal pada android device
Desain program shifting dan reversing sinyal pada android deviceDesain program shifting dan reversing sinyal pada android device
Desain program shifting dan reversing sinyal pada android device
 
Passion in work
Passion in work Passion in work
Passion in work
 
Gadgets for Travellers
Gadgets for TravellersGadgets for Travellers
Gadgets for Travellers
 

Similaire à PA Data Sharing Survey 2016 POSTED.final

Suggested ResourcesThe resources provided here are optional. You.docx
Suggested ResourcesThe resources provided here are optional. You.docxSuggested ResourcesThe resources provided here are optional. You.docx
Suggested ResourcesThe resources provided here are optional. You.docxdeanmtaylor1545
 
Marketing in the Age of Person-centric Healthcare
Marketing in the Age of Person-centric HealthcareMarketing in the Age of Person-centric Healthcare
Marketing in the Age of Person-centric HealthcareOgilvy Consulting
 
Big implications of Big Data in healthcare
Big implications of Big Data in healthcareBig implications of Big Data in healthcare
Big implications of Big Data in healthcareGuires
 
ey-getting-from-big-data-to-analytics
ey-getting-from-big-data-to-analyticsey-getting-from-big-data-to-analytics
ey-getting-from-big-data-to-analyticsGautam Jaggi
 
Healthcare Communications Study Among Physicians: Medical Monitor 2013
Healthcare Communications Study Among Physicians: Medical Monitor 2013Healthcare Communications Study Among Physicians: Medical Monitor 2013
Healthcare Communications Study Among Physicians: Medical Monitor 2013Joshua Spiegel
 
2015 05 01 Pop Health - Laying the Foundation (00000002)
2015 05 01 Pop Health - Laying the Foundation (00000002)2015 05 01 Pop Health - Laying the Foundation (00000002)
2015 05 01 Pop Health - Laying the Foundation (00000002)Dana Alexander
 
Social media healthcare
Social media healthcareSocial media healthcare
Social media healthcareRichard Meyer
 
Big risks require big data thinking, Global Forensic Data Analytics Survey 2014
Big risks require big data thinking, Global Forensic Data Analytics Survey 2014Big risks require big data thinking, Global Forensic Data Analytics Survey 2014
Big risks require big data thinking, Global Forensic Data Analytics Survey 2014EY
 
Information Governance in the Healthcare Industry
Information Governance in the Healthcare IndustryInformation Governance in the Healthcare Industry
Information Governance in the Healthcare IndustryAmber Guy
 
Download the State of Healthcare Report
Download the State of Healthcare Report Download the State of Healthcare Report
Download the State of Healthcare Report D R
 
Future of Patient Data Berlin - 18 April 2018
Future of Patient Data Berlin - 18 April 2018Future of Patient Data Berlin - 18 April 2018
Future of Patient Data Berlin - 18 April 2018Future Agenda
 
Commercial access to health data
Commercial access to health dataCommercial access to health data
Commercial access to health dataIpsos UK
 
Please respond to each of the 3 posts with 3.docx
Please respond to each of the 3 posts with 3.docxPlease respond to each of the 3 posts with 3.docx
Please respond to each of the 3 posts with 3.docxbkbk37
 
Online Physician Reputation Management: Navigating and Succeeding in the New...
Online Physician Reputation Management: Navigating and Succeeding in the New...Online Physician Reputation Management: Navigating and Succeeding in the New...
Online Physician Reputation Management: Navigating and Succeeding in the New...Aaron Watkins
 
Future of patient data global summary - 29 may 2018
Future of patient data global summary - 29 may 2018Future of patient data global summary - 29 may 2018
Future of patient data global summary - 29 may 2018Future Agenda
 
Encrypting User Data in the NHS 2016
Encrypting User Data in the NHS 2016Encrypting User Data in the NHS 2016
Encrypting User Data in the NHS 2016Ben B
 
The New IT Drives Healthcare Transformation
The New IT Drives Healthcare TransformationThe New IT Drives Healthcare Transformation
The New IT Drives Healthcare TransformationJannette Whippy
 
Jessie lee dia_2016_oral_presentation_final
Jessie lee dia_2016_oral_presentation_finalJessie lee dia_2016_oral_presentation_final
Jessie lee dia_2016_oral_presentation_finalJessie Lee
 

Similaire à PA Data Sharing Survey 2016 POSTED.final (20)

Suggested ResourcesThe resources provided here are optional. You.docx
Suggested ResourcesThe resources provided here are optional. You.docxSuggested ResourcesThe resources provided here are optional. You.docx
Suggested ResourcesThe resources provided here are optional. You.docx
 
Marketing in the Age of Person-centric Healthcare
Marketing in the Age of Person-centric HealthcareMarketing in the Age of Person-centric Healthcare
Marketing in the Age of Person-centric Healthcare
 
Big implications of Big Data in healthcare
Big implications of Big Data in healthcareBig implications of Big Data in healthcare
Big implications of Big Data in healthcare
 
ey-getting-from-big-data-to-analytics
ey-getting-from-big-data-to-analyticsey-getting-from-big-data-to-analytics
ey-getting-from-big-data-to-analytics
 
Healthcare Communications Study Among Physicians: Medical Monitor 2013
Healthcare Communications Study Among Physicians: Medical Monitor 2013Healthcare Communications Study Among Physicians: Medical Monitor 2013
Healthcare Communications Study Among Physicians: Medical Monitor 2013
 
2015 05 01 Pop Health - Laying the Foundation (00000002)
2015 05 01 Pop Health - Laying the Foundation (00000002)2015 05 01 Pop Health - Laying the Foundation (00000002)
2015 05 01 Pop Health - Laying the Foundation (00000002)
 
Social media healthcare
Social media healthcareSocial media healthcare
Social media healthcare
 
Big risks require big data thinking, Global Forensic Data Analytics Survey 2014
Big risks require big data thinking, Global Forensic Data Analytics Survey 2014Big risks require big data thinking, Global Forensic Data Analytics Survey 2014
Big risks require big data thinking, Global Forensic Data Analytics Survey 2014
 
Information Governance in the Healthcare Industry
Information Governance in the Healthcare IndustryInformation Governance in the Healthcare Industry
Information Governance in the Healthcare Industry
 
Download the State of Healthcare Report
Download the State of Healthcare Report Download the State of Healthcare Report
Download the State of Healthcare Report
 
Future of Patient Data Berlin - 18 April 2018
Future of Patient Data Berlin - 18 April 2018Future of Patient Data Berlin - 18 April 2018
Future of Patient Data Berlin - 18 April 2018
 
HealthApp-JanFeb16-2
HealthApp-JanFeb16-2HealthApp-JanFeb16-2
HealthApp-JanFeb16-2
 
Commercial access to health data
Commercial access to health dataCommercial access to health data
Commercial access to health data
 
Please respond to each of the 3 posts with 3.docx
Please respond to each of the 3 posts with 3.docxPlease respond to each of the 3 posts with 3.docx
Please respond to each of the 3 posts with 3.docx
 
Online Physician Reputation Management: Navigating and Succeeding in the New...
Online Physician Reputation Management: Navigating and Succeeding in the New...Online Physician Reputation Management: Navigating and Succeeding in the New...
Online Physician Reputation Management: Navigating and Succeeding in the New...
 
Future of patient data global summary - 29 may 2018
Future of patient data global summary - 29 may 2018Future of patient data global summary - 29 may 2018
Future of patient data global summary - 29 may 2018
 
Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"
Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"
Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"
 
Encrypting User Data in the NHS 2016
Encrypting User Data in the NHS 2016Encrypting User Data in the NHS 2016
Encrypting User Data in the NHS 2016
 
The New IT Drives Healthcare Transformation
The New IT Drives Healthcare TransformationThe New IT Drives Healthcare Transformation
The New IT Drives Healthcare Transformation
 
Jessie lee dia_2016_oral_presentation_final
Jessie lee dia_2016_oral_presentation_finalJessie lee dia_2016_oral_presentation_final
Jessie lee dia_2016_oral_presentation_final
 

PA Data Sharing Survey 2016 POSTED.final

  • 1. PRIVACY ANALYTICSNothing personal. THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015 - 2016: CHANGE, CHALLENGES AND CHOICE As demand for data sharing grows, healthcare organizations must move beyond data agreements and masking to achieve regulatory compliance
  • 2. Healthcare organizations are experi- encing greater demand than ever to share data, both internally and exter- nally. Yet, despite the need for sophis- ticated methods, organizations are relying on rudimentary approaches to managing the privacy and security of their data, leaving them – and their patients – at risk. In order to begin addressing this gap, the industry must identify what challenges healthcare organizations face and what methods are used when sharing sensitive information. The following summarizes the key findings from The State of Data Sharing for Healthcare Analytics 2015-2016: Change, Challenges and Choice. The survey was launched earlier this year by Privacy Analytics, in collaboration with the Electronic Health Information Laboratory, a group that conducts theoretical and applied research on the de-identifica- tion of health information. The survey assessed the state of data sharing in healthcare and the challenges in disclosing data for secondary use. Secondary use of health data applies to protected health information (PHI) that is used for reasons other than direct patient care, such as data anal- ysis, research, safety measurement, public health, payment, provider certi- fication or marketing. Healthcare organizations lack matu- rity in how they currently utilize their data1, but data analytics in healthcare is taking hold. Investments made through the HITECH Act and other programs accelerated the adoption of technology, transforming health- care in recent years. Vast amounts of data are now captured in electronic medical records, medical monitoring tools and information portals. One outcome has been a flood of requests for this sensitive information, from internal groups that want to monitor clinical quality, external organiza- tions that aim to integrate data from various systems to gain a comprehen- sive view of patients and uncover new treatments. Moving beyond individual data silos to integrated data systems that support decision-making and innova- tive research holds great promise, but progress to implement this has been slow. While staff, from executives to front-line workers, see the potential of data analytics, most are unsure of how to reconcile the need for detailed and high-quality data with privacy regula- tions. Because many individuals lack familiarity with advanced methods of de-identifying data, they are releasing information that has been stripped of its usefulness or – even worse – sharing data in a way that puts them at an unacceptably high risk of a breach. INTRODUCTION 1
  • 3. 2 THERE IS A LACK OF TOTAL CONFIDENCE IN THE ABILITY TO PROTECT PRIVACY. More than two out of three lack complete confidence in their organization’s ability to share data without putting privacy at risk. FINDINGS AT A GLANCE THE DEMAND FOR DATA IS GROWING AS FAST AS THE AMOUNT OF DATA BEING COLLECTED. More than half of the respondents plan to increase the volume of data stored or shared within 12 months and two-thirds currently release data for secondary use. MOST ORGANIZATIONS USE APPROACHES THAT CAN RESULT IN HIGH RISK DATASETS. More than 75 percent of respondents said that their orga- nization uses one or more of the following: data-sharing agreements, data masking or Safe Harbor. HEALTHCARE ORGANIZATIONS ARE SLOWLY STARTING TO MONETIZE DATA ASSETS. One in six says they share data with other organizations for profit. INDIVIDUALS LACK FAMILIARITY WITH ADVANCED METHODS OF DE-IDENTIFYING DATA. As a result, they release information that has been stripped of its usefulness or share data in a way that puts them at an unacceptably high risk of a breach.
  • 4. SURVEY PARTICIPANTS 3 RESPONDENT ROLES LEGAL 5% OTHER 42% IT 23% COMPLIANCE 16% PRIVACY 14% “Other” includes individual cross-appointed to more than one role, as well as those involved in management, research, clinical roles, finance, and marketing. RESPONDENT JOB ROLES A total of 271 individuals completed the online survey between July and September 2015. The respondents held various levels of seniority in their organization, from the C-level (33%) to managers (40%) and employees (28%). Approximately one in three individuals surveyed is responsible for privacy and compliance in their organization. Another 23% work in the IT depart- ment. Others identified themselves as researchers, clinicians, project managers, analysts and consultants. This diversity reflects the broad spec- trum of individuals involved in privacy decision-making. Respondents were mainly located in the U.S. (75%) and Canada (18%), with a small number of individuals located in Europe (4%), Asia (3%) and other regions.
  • 5. 4 The State of Data Sharing for Healthcare Analytics 2015-2016: Change, Challenges and Choice market survey reveals that, while healthcare organizations are seeing a surge in the demand to share data for secondary use, data analytics in healthcare is still immature. As a result, organizations can expect to feel mounting pressure to bring their data storage and sharing practices in line with emerging industry standards. HITRUST, the Institute of Medicine, PhUSE and the Canadian Council of Academies have all put forward guidelines that recommend the use of risk-based de-identification when disclosing PHI for secondary uses. The major findings of this survey reflect overall trends being seen in healthcare analytics. Results found here are consistent with those of surveys conducted by other reputable groups with interests in data secu- rity and privacy. One finding from the 2015-2016 survey revealed that more than two out of three respondents lack complete confidence in their organization’s ability to responsibly share data for secondary uses without putting individual privacy at risk. This is almost identical to a recent ISACA survey that found only 29% of privacy professionals are very confident in their enterprise’s ability to ensure the privacy of its sensitive data.2 To gain insight into healthcare orga- nizations’ need to protect patient privacy, the challenges faced, and the approaches currently being used, the survey presented questions in three sections: Basics of data sharing, Current uses of data, and Challenges. The main findings from each section are presented below. KEY FINDINGS
  • 6. BASICS OF DATA SHARING Respondents see demand for their data coming from a variety of sources, both internal and external, and many already release data for secondary use. Internal uses of data include any data sharing within the organization that is not for providing care, such as quality assurance for products and fraud detection. External uses of data include any use of data by an outside organi- zation, such as for revenue or reporting purposes. While external data sharing occurs primarily with academic institu- tions for research and analysis, there is interest in greater sharing with other outside organizations, too. Nearly two-thirds (62%) of respon- dents indicated that their organization currently releases data for secondary use. A majority (56%) are also planning on increasing the volume of data they share in the next 12 months, regard- less of whether or not they already share data with others. Respondents who expressed an interest in de-identification said that it is primarily due to increased demand to share data externally (45%) and the desire to make use of sensitive data internally (41%). Other reasons include validation for compliance (26%), soft- ware testing (17%) and research (4%). The majority of respondents who already share data, either within their organization only or with another firm externally, are interested in sharing data externally in the future with academic institutions and researchers (46%). A large portion of respondents is interested in sharing data externally in the future with pharmaceutical companies (27%) and device manufac- turers (14%). Health records are the leading type of data being stored or shared (55%) by respondents, followed by medical claims data (44%), trial data (36%), membership enrollment (33%), survey responses (33%), and device data (23%). In summary, demand for data is on the rise, including for organizations that only use data internally. It is important for organizations using data for any type of secondary purpose, including internal uses such as quality assur- ance, to protect it. 5
  • 7. Medical claim data Membership or enrollment data Device data Trial data Survey responses Health records 0 5 10 15 20 25 30 35 40 45 50 55 60 Percentage of respondents Research Compliance and validation Sharing data externally Using data internally Software testing 0 5 10 15 20 25 30 35 40 45 50 Percentage of respondents 6 INTEREST IN USING DE-IDENTIFICATION TYPES OF DATA BEING SHARED
  • 8. Sharing for profit Sharing for primary analysis Sharing for secondary analysis 0 10 20 30 40 50 60 70 80 Percentage of respondents CURRENT USES OF DATA Survey respondents indicated that they anticipate the demand for data to grow in the foreseeable future, with a few already starting to monetize their data. Those who have started monetizing data are slightly more inclined to use Safe Harbor de-identifi- cation strategies, but most are relying on data sharing agreements and masking techniques only. While Safe Harbor substantially reduces the risk of re-identification, it does not provide the same level of rigor as risk-based de-identification, putting organizations at an unnecessarily high risk of a data breach. While data are often being used for secondary analysis such as research or fraud detection (60%), the largest use is for primary analysis, including quality assurance (72%). This finding is in line with a HealthLeaders Media survey conducted earlier this year showing the top analytic use of data to be improving clinical quality.3 The move towards monetizing data assets will be propelled by changes to hospital reimbursements. The shift to pay-for-performance models means Regardless of whether or not they currently share data, the majority of respondents foresee an increase in their data sharing practices within the next year. 7 CURRENT USES OF DATA
  • 9. Masking non i ation or i ntifi ation Not sure/none hir part i ntifi ation Saf ar or i ntifi ation Data sharing agreements 0 5 10 15 20 25 30 35 40 45 50 Percentage of respondents that providers will likely see declining reimbursements in the near term. Health insurers will also feel the pinch, caught between health providers and their clients. As business fundamentals become more important, data analytics will give insights on ways to cut costs and improve efficiencies.4 But, expect these players to increasingly look to monetization of their data as a way to generate new revenues. The propor- tion of respondents that have begun monetizing their data assets (19%) is in line with research from Gartner that reported 30 percent of U.S. businesses will monetize their information assets by 2016.5 When it comes to data management practices, two-thirds of respondents are managing the majority of their data sharing practices in-house. When asked to identify their current data manage- ment practices, more than 75 percent of respondents said that their organiza- tion uses one or more approaches that could result in unknown data privacy compliance and risk, such as data- sharing agreements (50%) and data masking (31%). The use of Safe Harbor methodology is also on the rise (28%). Although Safe Harbor is recommended by regulators, it represents a minimum standard for de-identification that can leave data vulnerable to a breach. One in 13 respondents said their organiza- tion currently uses no data manage- ment practices. 8 DATA MANAGEMENT TECHNIQUES
  • 10. to n r tan ri of r i ntifi ation oo fit into rr nt infra tr t r Granular high-quality data rtif ing o p ian oo i i p 0 1 2 3 4 5 6 7 8 9 10 Rated by importance (10 being the most important) Cost Low knowledge on sharing and software No concerns Lack of data use policy Low knowledge on managing data i ntifi ation on rn 0 5 10 15 20 25 30 35 40 45 50 Percentage of respondents 9 MOST IMPORTANT ELEMENTS OF A PRIVACY SOLUTION CURRENT CONCERNS IN DATA SHARING However, one in five respondents says that their organization has taken steps to reduce risk by using expert determination de-identification software or third-party de-identification. This type of de-identification represents the most stringent data protection available. These organizations are more likely to be handling health records (57%), medical claims data (51%) or trial data (51%), some of the most sensitive types of data being handled today. While this small subset of organi- zations that handle sensitive data understands the complexities around data sharing, many more are leaving themselves open to unnecessary levels of risk and noncompliance.
  • 11. CHALLENGES Healthcare organizations are slowly beginning to unlock their data for secondary uses. Faced with requests for sensitive information, they must balance the demand for high-quality, granular data with requirements for privacy compliance. Unfortunately, two out of three respondents lack complete confidence in their organization’s ability to share data without putting individual privacy at risk. The demand for data, combined with the magnitude of PHI being collected in electronic medical records, medical monitoring apps and other healthcare networks, makes this a cause for concern. Healthcare is a heavily-regulated environment where failure to act with care not only puts patient privacy at risk but exposes the organization to legal, financial and reputational penalties if there is a breach. Confidence in protecting privacy is correlated to an organization’s data management practices. Respondents whose organizations use de-identifica- tion software or third-party de-identifi- cation services are more likely to have complete confidence in the ability to responsibly share data for secondary use. Nearly half (48%) of the respondents cited preventing patient re-identifica- tion as a key challenge when storing and sharing data, with concern greatest among those who already share their data. Additional chal- lenges include low staff knowledge on managing data safely (26%), low staff knowledge of data sharing practices and tools (25%), cost concerns (24%), 10 Respondents whose organiza- tions use de-identification soft- ware or services are more likely to have complete confidence in the ability to responsibly share data for secondary use.
  • 12. 11 and lack of organizational policies (23%). Combined, low staff knowledge issues were identified as a challenge by fully half (51%) of the respondents. This is consistent with other surveys that found “overcoming insufficient skills in analytics” to be the top tactical challenge to performing analytics.6 Knowledge gaps are a major concern and more education and training on de-identification and best practices in data management are needed at many organizations. When asked about privacy discussions within their own organizations and the benefits of data management solu- tions, reduced risk of privacy breaches and security were cited most often, followed closely by confidence in regulatory compliance. Subsequently, when asked about the importance of various privacy solutions, the most highly rated is the “Ability to certify that data is compliant”. This was found to be “Very Important” by more than 41% of the respondents. The ability to main- tain the granularity of data was also frequently identified (by 32%) as “Very Important”. Thus, it would appear that healthcare organizations are seeking ways to responsibly share high-quality data while ensuring that they meet regulatory compliance. In summary, respondents noted that their chief concern of protecting patients from re-identification is diffi- cult to solve given a lack of knowl- edge and a lack of policy to achieve compliance. “De-identification [allows us] to provide growth for our corporate culture of compliance.” -Anonymous survey respondent
  • 13. 12 The growing demand to share health data brings with it growing risks. The proliferation of PHI and subsequent requests for data is pushing the boundaries of compliance as orga- nizations try to satisfy demand. The response has been to err on the side of caution and keep data locked away. Unfortunately, most organizations still rely on rudimentary data manage- ment approaches, such as data sharing agreements and masking, that fail to fully comply with data protection laws and which fall far short of emerging standards that have universally recommended the need for risk-based de-identification when sharing data for secondary purposes. The number of organi- zations yet to embrace these more advanced approaches to data management is indicative of the slow pace of change in the industry, partic- ularly when it comes to information technology. Without a staff that is fully knowl- edgeable of the tools and techniques to share data safely, organizations will continue to lack confidence in their ability to protect privacy when disclosing data. This should spur orga- nizations to reduce their reliance on ad hoc practices and seek out education and expertise on better ways to respon- sibly share sensitive data. The results of the market survey are indicative of the gap between regula- tory requirements and the industry’s preparation to meet them, as was noted in a Deloitte Brief on privacy and security of protected health infor- mation.7 The HITECH Act introduced a requirement for periodic audits of covered entities and business asso- ciates to check compliance with HIPAA Privacy, Security and Breach Notification Rules. The importance of ongoing risk analysis will be a central feature of these audits. A pilot audit program conducted in 2013 showed that few healthcare organi- zations had appropriate controls in place and that the industry needed to significantly improve its security and privacy programs. With the perma- nent audit program about to come into existence,8 the clock has run out on organizations that have delayed the implementation of rigorous, risk-based privacy protocols and practices. Those who are in charge of storing and sharing PHI know that they must do so responsibly. The responses to this survey echo their struggles to prevent patient re-identification and meet regulatory compliance. Many organizations feel unprepared to responsibly store and share data for secondary purposes, and thus, are unable to advance analytics in their organization. Those organizations that have taken steps to improve their understanding of de-identification and follow emerging standards, like the Health Information Trust Alliance (HITRUST) and PhUSE guidelines, are in an advantageous position in the emerging field of healthcare analytics. They will benefit from the ability to broadly share data with small down- side risk and confidently monetize their data. CONCLUSION
  • 14. 13 Privacy Analytics sent a survey invitation to approximately 8500 professionals in their database who have responsibilities around PHI. Recipients work in a variety of settings, including hospitals and other healthcare providers, at healthcare payers, pharmaceutical and device manufacturers, research organizations and public agencies. Responses were collected from 339 professionals over a nine-week period from July to September 2015. Of those 271 individuals completed the survey, forming the dataset used in this report. The margin of error for the results is +/- 5.2%, at the edge of a 95-percent confidence interval. In order to gather responses anony- mously, the online survey software SurveyMonkey was used. A link to the survey was sent to recipients via email and was also posted to the Privacy Analytics website. Four out of five people who initiated the survey accessed it via the link in their email. METHODOLOGY
  • 15. 14 1 International Institute for Analytics and HIMSS Analytics. (2014, February 24). The State of Analytics Maturity for Healthcare Providers: The DELTATM Powered Analytics Assessment Benchmark Report. HIMSS Analytics. Retrieved from http://www.himssana- lytics.org/sites/default/files/DELTA%20Powered%20Suite%20FAQ_June2015_0.pdf 2 ISACA (2015). Keeping a Lock on Privacy: How Enterprises Are Managing Their Privacy Function. ISACA. Retrieved from http://www.isaca.org/Knowledge-Center/Research/Re- searchDeliverables/Pages/keeping-a-lock-on-privacy.aspx 3 HealthLeaders Media (2015, April). IT and the Analytics Advantage: Managing Data to Master Risk. HealthLeaders Media. Retrieved from http://healthleadersmedia.com/con- tent/TEC-315376/Intelligence-Report-Slideshow-IT-and-the-Analytics-Advantagemdash- Managing-Data-to-Master-Risk## 4 Prewitt, Edward (2012, June). HealthLeaders Media Breakthroughs: The Promise of Healthcare Analytics. HealthLeaders Media. Retrieved from http://healthleadersmedia. com/breakthroughs/281331/The-Promise-of-Healthcare-Analytics 5 Gartner (10 January, 2013). Gartner Predicts 30 Percent of Businesses Will Be Mone- tizing Their Information Assets Directly by 2016. Retrieved from http://www.gartner.com/ newsroom/id/2299315 6 HealthLeaders Media (2015, April). IT and the Analytics Advantage: Managing Data to Master Risk. HealthLeaders Media. Retrieved from http://healthleadersmedia.com/con- tent/TEC-315376/Intelligence-Report-Slideshow-IT-and-the-Analytics-Advantagemdash- Managing-Data-to-Master-Risk## 7 Deloitte Center for Health Solutions. (2014). Issue Brief: Update: Privacy and Security of Protected Health Information Omnibus Final Rule and stakeholder considerations. Deloitte LLP. Retrieved from http://www2.deloitte.com/content/dam/Deloitte/us/Docu- ments/life-sciences-health-care/us-lshc-privacy-and-security.pdf 8 Dvorak, Katie (2015, September 3). OCR picks vendor for second phase of HIPAA audit program. FierceHealthIT. Retrieved from http://www.fiercehealthit.com/story/ocr-picks- vendor-second-phase-hipaa-audit-program/2015-09-03 REFERENCES