HITaPS Survey

In 2007, the project culminated in the construction and administration of the Hospital Information Technology and Privacy Survey (HITaPS). HITaPS was a fixed-response, web-based survey of 1000 randomly selected hospitals, drawn from 16 states across the country. Although the basic unit of analysis was the hospital, separate survey modules gathered data from two individual respondents within each organization: the Chief Information Officer and the hospital Privacy Officer. Parallel questionnaires recorded organizational policies and practices within these respondents’ respective purviews and gauged prevailing organizational culture on key HIT governance issues.

The Hospital CIO Module: To gauge the various factors that affect HIT use, the HITaPS questionnaire asked hospital CIOs about such topics as: HIT adoption; security and standardization policies; attitudes toward HIT and HIT governance; the organization of the hospital's information-systems office; and the structure of HIT decision processes.

The Hospital Privacy Officer Module: To investigate the various factors that affect HIPAA compliance, the HITaPS questionnaire asked hospital privacy officers about such topics as: privacy policy adoption; attitudes toward the HIPAA privacy rules and toward privacy protection more generally; the organization of the hospital's privacy office; and the structure of privacy decision processes.

Responses to these two modules can be merged to form a single comprehensive data set -- the first of its kind since the inauguration of the HIPAA regulations.  This new resource gives researchers an unprecedented ability to trace the complex connections between HIT adoption and HIPAA compliance, as a diverse sample of hospitals encounter the same regulatory initiative within widely varying economic, technical and legal environments.

*****

Substantively, the HITaPS data focus on five broad classes of questions:

(1) IT Practices: The survey collected extensive data on the politics and timing of HIT adoption decisions, with a particular focus on electronic health records (EHRs) and computerized provider order-entry (CPOE). Questions also explored the implementation of various governance-related “best practices” in the core HIPAA domains of data standardization and interchange, patient privacy, and computer security.

(2) HIPAA Privacy Compliance: An extensive battery of questions examined the staffing of the hospital’s Privacy Office, the privacy policy-making process, and the adoption of specific legal compliance tactics.

(3) Organizational Culture: Beyond objective policies and practices, the survey also tapped subjective aspects of organizational culture that might bear on HIT governance, including aspects of both “technology culture” and “legal culture.” In addition, the survey measured more generic cultural orientations toward patients, coworkers, professional bodies, and the state.

(4) Network Relations: As possible determinants of both practice and culture, the survey examined intra- and inter-organizational social networks. Among other things, respondents were asked about internal decision making and external benchmarking on issues of both technology and law. Other survey items gauged the level of social capital (social interconnection) both within each hospital and between the hospital and the larger community.

(5) Structural Characteristics: The survey also incorporated an array of traditional measures of organizational and environmental structure. Key organizational concerns include size, bureaucratization, ownership structure, and mission of the hospital, while key environmental concerns include market competition, population demography, payer mix, and political climate in the surrounding community. In addition, the survey gauged the power of various internal and external stakeholder groups within the organizational coalition, both through direct reports and through items on the composition of the IT decision-making team and the professional background of the CIO and the HIPAA Privacy Officer.

*****

The HITaPS instrument was administered as an Internet-based questionnaire, with telephone recruitment and e-mail and telephone follow-up. In total, the field period ran from January through December of 2007, although most respondents completed the questionnaire between June and August. Respondents were sampled from the universe of all civilian, non-carceral, general medical and surgical hospitals of 50 beds or more with listings in the American Hospital Association’s 2004 Annual Survey.

The frame was a stratified random sample, structured to tap variation in both market conditions and legal environments. Specifically, hospitals were drawn from 16 states across the country -- two in each of 8 Federal Circuit Court jurisdictions, with states being paired across jurisdictions on the basis of socio-economic similarity. The focal states were: AZ, CA, CT, FL, GA, IL, MD, MI, MN, MO, MS, NY, SC, TN, TX, and WI.

Final response rates were approximately 50% for the Privacy Officer survey, and 20% for the CIO survey. Through collaboration with the AHA’s Health Research and Education Trust (HRET), the project team has obtained AHA Survey data for all sampled hospitals – both participants and non-participants – allowing sample-selection modeling to correct for potential response biases.

*****