Stronger security focus to be introduced to HIMSS’ digital maturity criteria
- 9 October 2017
HIMSS’ model for assessing an organisation’s adoption of electronic patient records is being updated to include a stronger focus on security.
The criteria for the body’s EMR Adoption Model (EMRAM) are to be refreshed at the beginning of next year. Six of its eight stages will now include specific requirements around security.
“The current model was about 12 years old, and we have recognised changing trends in health IT adoption,” John H. Daniels, vice president of HIMSS Analytics healthcare advisory services group told Digital Health News.
“We have seen a significant increase in attention on security in healthcare. Therefore, the updated criteria include security capabilities intended to help provide a roadmap for hospitals as they work to mitigate the threats and vulnerabilities they face increasingly as they implement health IT.”
To reach stage two, for instance – which centres on having a core clinical data store – organisations will be required to have device encryption and mobile security in place. They will also have to demonstrate they fully train users in security issues.
At level five, any hospital owned mobile devices will have to be able to be wiped remotely.
To reach level seven, meanwhile – the highest of the stages in the model – organisations will need to be able to demonstrate they have a “privacy and security programme in place”.
They will have to “present an overview of strategy, infrastructure policy and procedures in this area”.
The HIMSS EMR Adoption Model, which originated in the United States, was first launched in 2005. It is intended to “measures healthcare organisations on their progress towards achieving the ideal paperless patient record environment”.
There are currently no UK hospitals ranked at stage 7 of the model. However, three are said to have reached stage 6 –Addenbrooke’s Hospital (Cambridge University Hospitals NHS Foundation Trust), Croydon University Hospital (Croydon Health Services NHS Trust) and St George’s Hospital (St George’s University Hospitals NHS Foundation Trust).
In 2013, NHS England and Digital Health Intelligence launched the NHS-specific clinical digital maturity index (CDMI).
Regular reports by Digital Health Intelligence, sister company to Digital Health News, assess how the NHS is progressing on technology adoption. In April 2017, its research concluded the government’s target for all NHS hospitals to become paperless would not be met before 2027.