There’s no shortage of news stories and think pieces outlining the ways regulations have hurt healthcare in the U.S., from spending to physician burnout. (Notably, there’s also no shortage of stories claiming the opposite.) Regardless of this debate around benefits vs. protections, there are a few non-negotiables–like doing everything possible to prevent a breach. Patients are entrusting organizations with their health data in way that they don’t understand and failure to protect their data can lead to clear and direct harm (via embarrassment, or identity theft–healthcare records are considerably more valuable than credit card numbers, or discriminatory practices from employers).
As a result, many engineering and IT departments in the healthcare industry accept a reduced level of function and service in order to avoid costly penalties. Unfortunately, this also harms their customers because of reductions in the effective level of care.
New, smaller and more agile healthcare companies are encountering these legacy environments. For example, they may only be able to get a “data dump” every week (or month) from partners, and many of the organizations they partner with are exporting data in formats that are expensive to work with, like retro formats from ’70’s and ’80’s mainframes.
This is a problem in an era where customer service has become the crux of any business. The healthcare providers that don’t change because of the regulatory risk will not be able to build a quality consumer product, even for internal platforms. And internal products have to be consumer grade, now, as well. We’ve talked with doctors who changed jobs because their hospital adopted a medical record system that was bad.
The truth is that newer technologies can allow healthcare systems to do both, but fear of transition and possible compliance violations are holding progress back. And that’s why, in 2018, we can get a probe to Pluto but we can’t send over health records within minutes of a patient’s request. To scale a new infrastructure and workflow for the largest healthcare systems is a huge project, so changes with clear benefits–like DevOps practices, iterable software development and a constant release schedule–are met with resistance. Here are three ways healthcare systems can start digging themselves out of this:
#1: De-silo. Most have heard this advice, but acting on it is different for every organization. At a high level, most healthcare IT departments have a compliance group, an infrastructure group, a security group and a product engineering group, all working independently of each other. The compliance group (usually lawyers and analysts who often lack technical expertise), need ongoing conversations with engineering and security so that the latter understands the compliance requirements. In return, those teams can help the compliance group understand trade-offs, what’s realistic, anticipated roadblocks, etc.
Security teams tend to develop their own compliance controls internally and often don’t tie back their controls to actual regulation and policy. The infrastructure engineering teams are concerned with implementing compliance and also care that the system is always available to customers. The product engineering team wants to build something of value that keeps customers safe and meets their needs. All of these different priorities require complex tradeoffs, making it unsurprising that systems don’t fulfill customer expectations. To de-silo here, compliance teams should act as consultants to product teams and help them understand the compliance requirements. Additionally, consider merging the defensive security and infrastructure teams into a single team with a safety and availability mandate; high-quality infrastructure and high quality security end up at the same place.
Guest post by Gillian Christie, health innovation analyst, Vitality.
Gillian Christie
An era of self-quantification of health behaviors using technology is emerging outside of the doctor’s office. Consumer-facing health technologies empower individuals to monitor their health in real-time, employers to understand the health of their workforce, and researchers to uncover health trends across geographies. Eventually, the data from these technologies will re-enter the hospital setting by linking to our electronic medical records.
Deluges of data are rapidly being generated by these technologies. An estimated 90 percent of the world’s data has been created in the past two years. IBM’s CEO, Ginni Rometty, indicates that data is the “next natural resource.” But how are these data protected and secured?
In the United States, laws have historically protected consumers from the misuse or abuse of their medical information. The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have protected medical data from inappropriate uses. Data generated by consumer-facing health technologies, however, are not covered by these Acts. Companies can use the data for their own purposes. This means that companies must be ever more vigilant in ensuring the trust of their consumers through their data practices.
How can we collaborate across sectors to maintain and enhance trust? As a start, Vitality, Microsoft and the Qualcomm Institute at the University of California, San Diego, published an open-access, peer-reviewed commentary that outlined ethical, legal and social concerns associated with emerging health technologies. The call to action was for guidelines to be developed through a consultative process on the responsible innovation of these technologies and the appropriate stewardship of data from the devices. Between July and October 2015, we hosted a global public consultation to identify best practices. On Mar. 2, 2016, at HIMSS, we released the finalized guidelines for personalized health technology. They include five recommendations:
Guest post by Chris Boone, CEO, Health Data Consortium.
Consumers are receiving more health data than ever, as evidenced by the myriad mobile apps (WeightWatchers, Mindshift, Nike+ Training Club, etc.) and wearables (FitBit, iWatch, Jawbone, etc.) now available. With health data so pervasive, health literacy has become a commonly discussed issue as it pertains to consumers’ ability to obtain and process healthcare information to make better healthcare decisions. But, with the advent of so much data, there must be a national emphasis on the importance of health data literacy, as well, to empower patients to leverage available data in a meaningful way that can improve their and their loved ones’ health outcomes.
The Health Data Literacy Landscape
There remain challenges to the health data movement – such as privacy concerns – and as a result, questions around how to improve health data literacy remain largely unexplored. The road to health data literacy starts with digital access to health information, and new technologies that seamlessly augment consumers’ daily health practices to enable better health decision-making. Interestingly enough, however, the rate at which health data entrepreneurs and innovators are producing incredible technologies may be exceeding the rate at which consumers are able to digest and use the information.
So, how do we leverage the opportunities provided by greater access to health data without overwhelming the consumer?
Data Visualization and the User Experience
Once data becomes accessible to consumers, data visualization is a key component to ensuring it is understandable and actionable. Consumers must be able to comprehend and digest data to put it to work.
In addition – and like in any other industry – the user experience must be a top priority when building new technologies. We need developers to build mobile apps, wearables, websites, etc. that are simple in design with an emphasis on providing useful and easily actionable data for consumers.
