HiMSS08: IT execs ready to lock down security

A big hello to all of you from HiMSS08, here in the lovely, though slightly muggy, city of Orlando. As it turns out, the conference has drawn even more attendees than originally expected, a whopping 27,000 participants. That's a big hit even for a town that's used to tourists: we HiMSS-ies have taken over!

Today, I attended the HiMSS event at which they unveiled the results from their annual HiMSS Leadership Survey--sort of a "state of the union" thing. The 307 respondents, who represented more than 700 hospitals, had some interesting things to say. Perhaps the most interesting, though, was the apparent contradiction between what they said they wanted and what they actually plan to buy.

Some not-so-shocking takeaways included that:

* 75 percent of HIT professionals expected their budgets to increase this year (though not by very much).

* 26 percent of respondents said that a lack of financial support--not end-user resistance or even an inability to prove ROI on IT investment--was the biggest barrier to implementing their plans.

* 75 percent said that they had management responsibility for non-IT functions, including telecom, biomedical engineering and medical informatics.

More noteworthy, to me, was the clash between what HIT execs said they were actually going to do versus what they called a "top priority." According to the survey, two of their top investment priorities were identity management and security technologies. On the other hand, 45 percent said that clinical information systems were the most important application to address over the next two years, followed by CPOE and EMR systems. And when asked what their IT priorities were today, most said inpatient clinical information systems and helping to reduce medical errors and promote safety were central.

Given that about a quarter of hospitals saw a security breach over the last year (another survey stat), it's hardly surprising that these folks want to go beyond standard firewalls, user access controls and audit logs to the next level of security management. The thing is, they seem to have trouble admitting it.

Truthfully, we're probably years away from seeing industry-wide adoption of cutting edge EMRs, clinical decision systems and other worthwhile technologies focused around patient care. In the meantime, I'm not surprised that HIT execs want to boost security. Hey, when you're in doubt, pull up the drawbridge first; then you'll have time to improve operations within the castle.

More HiMSS08 news on the way tomorrow ... see you then! -- Anne [1]