Healthcare Information Security

Internal Data Encryption Lagging, Says WEDI Survey

By Elizabeth Snell

Internal data encryption, as well as at-rest data encryption, are two areas that healthcare facilities could improve upon, according to a recent Workgroup for Electronic Data Interchange (WEDI) survey.

Results from the survey were discussed in a letter to ONC National Coordinator Karen DeSalvo, with WEDI also commenting on the recently proposed ONC Interoperability Roadmap. While WEDI “strongly supports” the ONC’s push toward nationwide interoperability, there are still several areas where the roadmap can “better reflect the realities, gaps, challenges, and opportunities across the current landscape.”

“WEDI believes that the proposed timing and scope of the roadmap actions are aggressive and suggests that ONC prioritize actions,” the letter stated. “WEDI believes that the healthcare industry is still working on implementing the basic infrastructure in order to support the exchange of electronic health data.”

WEDI conducted a survey of nearly 370 industry stakeholders to show how they view interoperability and how they are working toward achieving that goal. Respondents included health plans, providers, health IT vendors, and health information exchange organizations.

One of the key findings was that while facilities encrypt data when it is in transit externally, organizations have fallen behind when it comes to internal data encryption and at-rest encryption. Forty-nine percent of respondents said that data is encrypted when in transit externally, while 35 percent stated that it was encrypted when in transit internally. Just 36 percent reported encrypting information at rest.

“Security concerns are reported to deter organizations from electronically exchanging data externally with non‐affiliated organizations, but generally do not deter stakeholders from internally exchanging data,” WEDI explained in the letter.

WEDI added that while 49 percent of stakeholders use encryption for external data transportation, it would be more desirable to have a higher percentage in this area. This is especially true as the sensitivities around health data security increase.

“Data encryption is an area of opportunity for future surveys to delve into further, given the largest group of respondents are unaware of this information,” the report stated.

The survey also found that the majority of respondents – 84 percent – were not concerned about security when they exchange information internally. However, data security concerns increase when facilities begin to exchange data externally, whether with an affiliated organization or a non-affiliated one. Approximately one-third of those surveyed said that security concerns deter them from electronically exchanging health data with affiliated organizations, with nearly half – 49 percent – saying they had concerns when exchanging with non-affiliated organizations.

When respondents do exchange information with non-affiliated organizations, the most common method is through secure electronic messaging. Specifically, 66 percent stated that they use secure electronic messaging either routinely or occasionally.

“Given the responses earlier related to security concerns and the increased concern related to exchange with non‐affiliated entities, we surmise the decrease here is more related to security concerns than system capabilities,” WEDI stated in the report.

Along with data security concerns and facilities’ data exchange capabilities, WEDI also discussed the following topics:

  • Universal patient identifier
  • Interoperability barriers and challenges
  • Interoperability’s impact
  • Health IT market

“Based on the survey results, industry stakeholders appear to continue to move forward in their efforts to exchange clinical information but growth is inhibited due to implementation costs and limited visible impact on clinical and business outcomes,” the report concluded. “WEDI offers our support to ONC to help measure and monitor interoperability.”
