1
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
1www.himss.eu/analytics
„Data Security“
Results, 2nd Quarter 2017
2
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
TABLE OF CONTENT
• Survey methodology page 3
• Survey overview page 4
• Results
Overall page 5
Protection of medical data by government page 7
Protection of medical data in different environments page 8
Protection of medical data by software vendors page 10
Electronic health information exchange security page 11
Role model for health information exchange and continuity of care page 13
Hospital Information System / Electronic Medical Record System purchase plans page 14
Hospital Information System / Electronic Medical Record System sales opportunities page 15
Business expectations page 16
3
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
HIMSS ANALYTICS – WHO WE ARE
HIMSS Analytics in Europe provides healthcare organisations, governments and industry with extensive data resources and services about the adoption and use of healthcare IT in Europe. HIMSS Analytics’ offerings include database and advisory solutions which encompass market research, IT adoption benchmarking, IT Maturity Models for topics like Electronic Medical Records or Continuity of Care. These offerings are designed to support Management and CIOs, IT Executives and Clinicians from across Europe to compare and measure their progress.
EHEALTH TRENDBAROMETER – METHODOLOGY
Objectives o Continuous evaluation of trends and issues in the European eHealth sector:2 – 4 survey waves per year, with both varying and recurring topics
o Provide insights into current and desired states of eHealth in Europe
o Enable discussions within the European eHealth community
Study design o Structured quantitative online survey
o Quick completion (time-to-complete is < 5 min)
o Survey language(s): English, German
o Participation via personal email invitation or via public link on www.himss.eu and other channels
Target audienceand participants
Key audience: eHealth professionals from several European countries, especially:
o IT staff, administrative staff, and clinicians from health facilities (e.g. CIO’s, CEO’s, Physicians, Nurses)
o Professionals from health-IT related software and consulting companies
o Professionals from other eHealth related sectors (e.g. health authorities, research, journalism)
Number of participants: approx. 300 – 500 per survey wave
Survey period o Typical field time: Approx. 2 months
o Specific field time for „Data Security“ Trend Barometer:
March – April 2017
Access all eHealth Trend Barometers here:
www.himss.eu/healthcare-providers/ehealth-trends
4
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
SURVEY QUESTIONS
1. What type of organisation are you working for?
2. How satisfied are you with the regulation put in force by your national government in order to protect your medical data?
3. In your role as a patient, how well protected do you see your personal medical data in the following environments?
4. As a healthcare provider, how satisfied are you with the level of data security offered by software vendors?
5. If you look at the health system in your country, how well prepared is it in order to enable secure electronic health information exchange between different types of healthcare providers?
6. In your opinion, which country do you consider being a role model for advanced health information exchange and continuity of care?
7. How likely is it that your organisation will purchase a new Hospital Information System / Electronic Medical Record System from a different vendor within the next 12-24 months (i.e. not the one you are currently using)?
8. In your opinion, which of the following countries provide the best sales opportunities for HIS/EMR vendors in Europe over the next 12-24 months?
9. How will the environment for eHealth innovation and investment in your country develop over the next 12 months?
Main Topic: „Data Security“
5
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
KEY FINDINGS
eHealth Business climate: The business trend for eHealth continues to be positive in all surveyed countries, despite a slight decrease over the last months.
Lessons on data security and recommendation for EMR vendors5
Lesson 1: Medical data are perceived to be relatively well protected, but not all of it.eHealth professionals are not particularly concerned about the protection of medical data, neither in terms of national regulation nor with regards to measures used by different healthcare providers. But there are a few exceptions, e.g. security from wellness and fitness applications or by home and social care providers.
Lesson 2: Europe is not equal when it comes to perceived levels of data security.The Nordics are more satisfied than most other European countries/regions, especially with regard to the safety of their own personal medical data and the appropriateness of data security efforts by public hospitals and health authorities. On the other end of the scale is Germany where data security concerns are stronger.
Lesson 3: You can trust your software vendor’s data security efforts, but they won’t necessarily trust you (until you buy more).Healthcare employees are, by and large, rather satisfied with the data security measures put in force by software vendors. But software vendors themselves are less satisfied with the way healthcare providers protect medical data. SW vendors might want to sell additional products offering higher levels of security (which care providers cannot afford) or they might have a higher awareness (than healthcare employees) about potential gaps in their products.
Lesson 4: (More) financial incentives are needed to improve the security of medical data. It’s the financials, stupid! eHealth professionals do not blame legislation, IT infrastructure, technical standards, software vendors, not even the patients to be a roadblock for secure Health Information Exchange (HIE) with external organisations. They call for financial incentives to stimulate and push secure HIE.
Lesson 5: Denmark is the role model for secure Health Information Exchange and Continuity of Care. eHealth professionals across Europe see the Danish Health System as the most advanced one regarding secure HIE. With some distance Estonia and Sweden follow on rank 2 and 3.
EMR Vendor Recommendation: Find new clients in the UK and Nordics, try to retain existing clients in other European countries.Healthcare providers in the Nordic countries expect most EMR replacements (to different vendors) over the next 1-2 years. Software vendors themselves feel that the UK is the most attractive market for EMR and HIS for that same timeframe.
1
6
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
SAMPLE DISTRIBUTION – SURVEY PARTICIPANTS
Geographic distribution Type of organisation Respondent‘s occupation
13%
10%
16%
10%16%
9%
9%
17%
Germany
Austria
Switzerland
Netherlands
Nordic countries
UK
Spain
Other
n=383
Country nGermany 50Austria 37Switzerland 60Netherlands 40Denmark 17Finland 13Norway 17Sweden 16United Kingdom 33Spain 34Other* 66Total 383
Countries or regions with more than 30 participants are shown individually.
*„Other“ respondents are from: Italy, Belgium, Estonia, USA, Portugal, France
57%
12%
31%
Health facility
IT Software vendor
Other
46%
19%
17%
5%
13%
IT officers
Governance
Nursing staff
Other
Physicians
27%
19%
17%
10%
5%
22%
Health Authority
Academic Sector
Consulting
Research
Journalism & PR
Other
Other: IT hardware vendor, pharmaceutical company, governmental organisation
Other: Pharmacy, research, IT, marketing
Strong participation from D-A-CH, Netherlands, Nordics, UK and Spain. The survey attracts a broad range of eHealth professionals: „only“ 40% are responsible for IT (in health facilities or for SW vendors), another 60% work as clinicians, in governance, consulting or other areas.
7
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
3.3
3.0
3.3
3.3
3.4
3.6
3.7
3.6
3.3
2.8
3.4
3.4
3.7
3.5
3.7
3.3
3.2
2.6
3.0
3.2
3.6
3.4
1.0
4.2
Total
Germany
Austria
Switzerland
Netherlands
Nordics
UK
Spain
RESULTS – NATIONAL DATA PROTECTION REGULATION
How satisfied are you with the regulation put in force by your national government in order to protect your medical data?[Mean values; scale from 1 “very unsatisfied” to 5 “very satisfied”; without “other” organisations]
Most eHealth professionals, no matter if they work in health facilities or for software vendors, are neither particularly satisfied nor unsatisfied with the regulation of medical data protection in their country. As such, a call for governmental action doesn’t seem urgent.
Valid responses by country: Germany: n=48; Austria: n=35; Switzerland: n=35; Netherlands: n=40; Nordic Countries: n=62; UK: n=32; Spain: n=34
Veryunsatisfied
Verysatisfied
Veryunsatisfied
Verysatisfied
Veryunsatisfied
Verysatisfied
3.3Total average
Health facilityn = 214
Software vendorn = 42
Totaln = 371
8
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
3.1 3.6 3.4 3.2 2.8 3.4 3.6 2.03.2 3.7 3.4 3.3 2.8 3.3 3.6 2.02.5 3.2 3.2 2.6 2.4 3.2 3.4 1.9
GeneralPractioners andSmall Day Clinics
Public Hospitals Private Hospitals RehabilitationFacilities
Home and SocialCare
Organisations
HealthInsurance
Organisations
GovernmentalOrganisations
Wellness andFitness
ApplicationProviders
Totaln = 291-372
Health facilityn = 168-213
Software vendorn = 38-44
RESULTS – DATA PROTECTION IN DIFFERENT ENVIRONMENTS 1/2
In your role as a patient, how well protected do you see your personal medical data in the following environments?[Mean values; scale from 1 „very unsafe“ to 5 „very safe”; without “other” organisations]
Medical data are perceived to be protected relatively well in most health environments. An exception is the wellness and fitness application environment, where data protection is perceived to be unsatisfactory. Home and social care organisations are also rated below average. Hospitals, which topped the headlines during recent cyber attacks, receive some of the best ratings. Professionals working for software vendors are generally more sceptical than people working in health facilities (do they know the gaps?).
3.1Total average
Veryunsatisfied
Verysatisfied
9
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
2.5
2.9
2.6
2.9
3.8
3.8
3.5
3.3
3.5
3.2
3.4
4.3
3.6
3.8
3.2
3.8
3.3
3.0
4.0
3.4
3.6
2.7
3.5
3.0
2.9
3.9
3.3
3.7
2.2
2.6
2.4
2.6
3.6
2.8
3.1
3.1
3.3
3.5
3.2
3.9
3.2
3.2
3.5
3.2
3.6
3.5
4.3
3.7
3.8
1.6
1.8
2.0
2.0
2.1
2.1
2.5
Germany
Austria
Switzerland
Netherlands
Nordics
UK
Spain
RESULTS – DATA PROTECTION IN DIFFERENT ENVIRONMENTS 2/2
In your role as a patient, how well protected do you see your personal medical data in the following environments? [Mean values; scale from 1 „very unsafe“ to 5 „very safe”; without “other” countries]
The perception of how well data are protected in different health environments varies by country. This perception is mostly in line with the findings from national medical data security regulation, i.e. eHealth professionals from the Nordic countries feel more safe about their personal medical data than Germans.
Valid responses by country: Germany: n= 41-48; Austria: n= 29-37; Switzerland: n= 49-57; Netherlands: n= 28-38; Nordics: n= 40-62; UK: n= 17-33; Spain: n= 26-33
General Practitioners
and Small Day Clinicsn = 357
Public Hospitalsn = 372
Health Insurance
Organisationsn = 314
Private Hospitalsn = 311
Home and Social Care
Organisationsn = 316
Rehabilitation Facilitiesn = 291
GovernmentalOrganisations
n = 354
Wellness and Fitness
Application Providersn = 331
3.1Total average
Total(All respondents)
10
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
3.2 2.7 3.2 3.1 3.2 3.3 3.8 3.2 3.4
Totaln = 214
Germanyn = 28
Austrian = 27
Switzerlandn = 37
Netherlandsn = 18
Nordicsn = 30
UKn = 22
Spainn = 19
Othern = 33
RESULTS – DATA PROTECTION BY SOFTWARE VENDORS
From the perspective of healthcare employees, data security measures put in force by software vendors are also perceived to be, by and large, acceptable. This is in line with previous findings, i.e. efforts made through national regulation or by different care settings/stakeholders. Healthcare employees in the UK are most satisfied with their vendors, their German peers are (again) the most critical.
Veryunsatisfied
Verysatisfied
As a healthcare provider, how satisfied are you with the level of data security offered by software vendors?[Mean values; scale from 1 “very unsatisfied” to 5 “very satisfied”; only participants who are working in a health facility; without “other” countries]
3.2Total average
11
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
3.4 3.1 2.2 3.2 2.8 3.3 3.13.4 3.1 2.1 3.2 2.8 3.2 3.03.3 3.0 2.2 3.3 2.7 3.3 3.6
Data PrivacyLegislation
IT Infrastructure FinancialIncentives
TechnicalStandards
Flexibility andWillingness ofClinical Staff
Flexibility andWillingness of
Patients
Flexibility andWillingness of
Software Vendors
Totaln = 329-370
Health care facilityn = 185-213
IT software vendorn = 41-44
RESULTS – SECURE HEALTH INFO EXCHANGE ENABLEMENT 1/2
If you look at the health system in your country, how well prepared is it in order to enable secure electronic health information exchange between different types of healthcare providers?[Mean values; scale from 1 „flop“ to 5 „top“; without “other” organisations]
It’s the financials, stupid! eHealth professionals do not blame legislation, nor IT infrastructure, nor technical standards, nor software vendors, and not even the patients to be a roadblock for secure Health Information Exchange (HIE) with external organisations. They call for financial incentives to stimulate and push secure HIE. In terms of self-perception healthcare employees are self-critical: Clinicians should be more flexible and motivated to embrace HIE. SW vendor employees perceive themselves to be particularly flexible, which is not as much the case from an external perspective.
3.0Total average
!
Flop
Top
12
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
2.9
3.6
3.5
3.0
3.7
3.5
3.6
2.3
3.3
3.0
2.9
3.5
2.8
3.6
1.8
1.9
2.0
2.3
2.7
2.0
2.4
2.2
3.4
3.5
3.1
3.3
3.2
3.6
2.4
2.6
2.6
2.8
3.2
2.8
3.1
3.1
2.8
3.0
3.7
3.8
3.5
3.2
2.9
3.4
3.2
2.7
3.2
2.9
3.3
Germany
Austria
Switzerland
Netherlands
Nordics
UK
Spain
RESULTS – SECURE HEALTH INFO EXCHANGE ENABLEMENT 2/2
If you look at the health system in your country, how well prepared is it in order to enable secure electronic health information exchange between different types of healthcare providers?[Mean values; scale from 1 „flop“ to 5 „top“; without “other” countries; without answer option “other”]
More financial incentives are demanded across all countries, but particularly in Germany and Austria (although Austrians already have a nation-wide health record infrastructure (ELGA) in place). In Germany, eHealth professionals also have a negative perception of their Health-IT Infrastructure and Technical Standards. This is a likely reaction caused by multiple delays with the national EHR platform. eHealth Professionals from the Nordics and Spain see themselves (mostly) on the right track.
Valid responses by country: Germany: n= 44-47; Austria: n= 31-36; Switzerland: n= 55-59; Netherlands: n= 33-38; Nordics: n= 50-63; UK: n= 27-33; Spain: n= 31-34
Data Privacy Legislation
n = 362
IT Infrastructuren = 368
Flexibility and Willingness of
Patientsn = 361
Financial Incentives
n = 329
Flexibility and Willingness of Clinical Staff
n = 370
Technical Standards
n = 367
Flexibility and Willingness of SW Vendors
n = 361
Total(All respondents)
3.0Total average
13
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
24
15
12
9
7
7
6
6
5
27
19
11
27
8
28
7
21
7
21
7
31
13
10
8
10
8
15
19
16
19
23
6
6
38
12
10
10
14
6
6
16
24
16
12
12
12
17
8
17
8
21
25
Denmark
Estonia
Sweden
Netherlands
Austria
Finland
Norway
United Kingdom
Switzerland
Spain
Germany
Belgium
Other*
RESULTS – ROLE MODEL COUNTRY FOR CONTINUITY OF CARE
In your opinion, which country do you consider being a role model for advanced health information exchange and continuity of care?[Responses in percent; labels only shown when >5%]
Overall, Denmark is perceived to be the leading country for continuity of care and HIE. One in four eHealth professionals puts the Danes on top. With some distance Estonia and Sweden follow on rank 2 and 3. This order changes slightly from country to country. Dutch and Spanish eHealth professionals perceive their own country to be leading. Spain in particular seems to have an issue with external perception, hardly any respondent from outside Spain values their achievements. Germany and Belgium are trailing behind.
Totaln = 294
Germanyn = 37
Austrian = 29
Switzerlandn = 48
Netherlandsn = 31
Nordicsn = 50
UKn = 25
Spainn = 25
* “other“ country: USA, France, Iceland, Andorra
DKLeading Country
14
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
14% 10% 8%18%
11%27%
19%
13%7% 8%
10%17%
17%
10%
28%
7%
3%15%
17%
5%
18%
21%12% 21%
11%
17%
14%17%
47%59% 58% 51%
61%
23%
52% 56%
Totaln = 215
Germanyn = 29
Austrian = 26
Schwitzerlandn = 39
Netherlandsn = 18
Nordicsn = 30
UKn = 21
Spainn = 18
RESULTS – PURCHASE PLANS FOR HIS/EMRs
How likely is it that your organisation will purchase a new Hospital Information System / Electronic Medical Record System from a different vendor within the next 12-24 months (i.e. not the one you are currently using)?[only participants who are working in a health facility; without “other” countries]
EMR/HIS vendors are likely to find best market opportunities in the Nordic countries, where healthcare professionals indicated that their organisation is likely to purchase a new system – from a different vendor – over the next 1-2 years. The lower values in other countries might be an indicator that hospitals there are more loyal to their current vendor or find it more difficult to switch to a different one.
Most active market
NORDICS
2.3 1.9Means 2.0 2.2 3.1 2.3 2.02.1
Very likely
Likely
Very unlikely
Unlikely
Neither likely nor unlikely
15
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
RESULTS – SALES OPPORTUNITIES FOR HIS/EMRs
In your opinion, which of the following countries provide the best sales opportunities for HIS/EMR vendors in Europe over the next 12-24 months?[only participants working for a software vendor; n = 31]
The UK is the land of milk and honey for HIS/EMR sales, at least from the view of software vendor employees. Denmark, Sweden andSwitzerland, albeit much smaller, are ranked on the same level as Germany.
Best opportunities
UK
29% 13% 13% 13% 13% 6%3% 3% 3% 3%
UnitedKingdom
Denmark Germany Sweden Switzerland Finland Austria Belgium Norway Spain
16
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
28 24
42 4338 35
7469
77 73
89
65 6960
65
27
50
3628 30
57 52 5448
1 2 3 4 5 6
DACH Nordics Netherlands UK All countries
RESULTS – BUSINESS EXPECTATIONS
From a general perspective: How will the environment for eHealth innovation and investment in your country develop over the next 12 months?[Score for “Balance of business expectations” = (percentage “improve” – percentage “worse”)*100]
+100-100
Bal
ance
of
bu
sin
ess
exp
ecta
tio
ns*
Very positive expectations
Very negative expectations
2015 – Q2 2015 – Q3 2016 – Q2 2016 – Q3 2016 – Q4
Business prospects for the eHealth sector continue to be very positive, albeit at a slightly lower level than at the end of 2016.While to be digested with caution (low response rate) eHealth professionals from Finland are particularly optimistic (92% expect an improvement).
worse steady improve N
Germany 2% 60% 38% 50
Austria 11% 62% 27% 37
Switzerland 7% 33% 60% 60
Netherlands 5% 30% 65% 40
Belgium 0% 0% 10% 7
Denmark 6% 29% 65% 17
Norway 6% 18% 76% 17
Sweden 0% 31% 69% 16
Finland 0% 8% 92% 13
United Kingdom 12% 39% 48% 33
Italy 13% 56% 31% 16
Spain 3% 44% 53% 34
All countries 6% 40% 54% 369
Results by country (2017 – Q2)
2017 – Q2
17
© HIMSS Analytics | eHealth TRENDBAROMETER Q2/2017
Thank you for your participation!
HIMSS Analytics
Office Leipzig
Schwägrichenstraße 9
04107 Leipzig
Germany
www.himss.eu/analytics
www.himssanalytics.org
Join the European eHealth community panel