- Around one-third of healthcare organizations are still “on the journey” to comply with the EU's General Data Protection Regulation (GDPR), even though the GDPR took effect May 25, according to a cross-industry global survey of 3,958 IT leaders by Harvey Nash and KPMG.
The good news is that 67 percent of healthcare organizations have completed or mostly completed their GDPR compliance journey.
GDPR applies not only to EU organizations, but any organization regardless of location that holds and processes personal data of individuals residing in EU countries. Violators could fast hefty fines of up to €20 million.
Healthcare is way ahead of the education and broadcast/media industries, with a majority of IT leaders in both those industries still “on the journey” to GDPR compliance.
Overall, more than one-third of those surveyed across industries said they did not expect to be compliant with GDPR when it took effect.
Under GDPR, you must get clear consent from the EU data subjects to have their personal information handled and processed by you; the purpose of the data processing must be included in the consent form.
For “sensitive personal information,” which includes medical records, the subject must actively “opt in” to have their data collected and processed.
EU data subjects have the right to obtain information about whether their personal data is being processed, where that is being done, and for what purpose. Further, the organization must provide a copy of the personal data, free of charge, in an electronic format to the data subject and must delete the information if the subject so requests.
An organization must notify EU data protection authorities about a data breach within 72 hours of when it becomes aware of the breach in which personal data of EU residents may be at risk.
“Data is shaping the business world from head to toe. We see it in the urgency of right now with the need to protect data privacy and ensure data integrity. We see data shaping the future as machine learning and AI advancements push beyond data analysis into a place where IT systems are combing, learning and reacting to data with strategic solutions,” said Bob Miano, president and CEO of Harvey Nash USAPAC.
The Harvey Nash/KPMG survey also found that 13 percent of healthcare IT leaders said they were not well prepared to identify and deal with cyberattacks. By contrast, 22 percent of IT leaders in education said they were not well prepared for a cyberattack. One in five IT leaders in the oil and gas and transportation/logistics said they were not well prepared for a cyberattack.
Twenty-nine percent of healthcare IT leaders have experienced a major IT security event or cyberattack in the last two years, below the global industry average of 33 percent, the survey found.
The good news is close to half of healthcare IT leaders are expecting an IT budget increase in the next 12 months, while only 14 percent expect an IT budget decrease. The board’s top IT priority in healthcare is operational efficiencies.
Around 39 percent of healthcare IT leaders said they have an enterprise-wide digital strategy in place.
“Technology disruption continues to play a significant role in today’s business environment and, while more CIOs understand the importance of implementing a digital strategy, most are still struggling with integrating digital into their core processes to address business goals,” said Denis Berry, KPMG principal and US CIO advisory leader.
Forty-one percent of IT leaders in healthcare said that they saw a base salary increase in the last 12 months, and 38 percent said they feel “very fulfilled” in their current job.
Only 23 percent of healthcare IT leaders said they have seen an increase in spending on outsourcing, the least of any industry. The healthcare sector plans to increase spending by less than the global average across all external resourcing options – outsourcing, offshoring, nearshoring, and onshoring.
“With so much dependent on the protection and promise of data, the next five years will be a continued struggle to find, recruit, and retain skilled data science and analytics professionals,” said Nash.