Healthcare is not without its issues. Seemingly, for each source asked what the biggest problem the sector faces, there is a differing opinion on what’s most important. I’m often perplexed by the lack of cohesiveness shown toward the industry’s leading issues, too, and sometimes wonder how many of us could name the most pressing threats to the industry, as agreed upon by the community. There are clear problems – interoperability, lack of transparency, disparate systems working against each other — to name a few. So, in the following series, I’ve asked some insiders for their opinions on health IT’s greatest problems, and as you’ll see, they responses received vary greatly.
Healthcare IT struggles mightily with patient information that is not in the medical record system, but has leaked into other locations in the healthcare organization (cell phone emails, USB drives, employee desks, etc.). Healthcare organizations have moved Protected Health Information (PHI) into HIPAA compliant electronic health records (EHRs) systems, patients maintain electronic copies of their health information, which they give to their different providers as they move between appointments. This “patient distributed information” becomes PHI, with all its associated compliance and legal burdens for the health care organization.
There is liability associated with this, and information governance strategies available that reduce the associated risks. Patient distributed information is present on smartphones, tablets, laptops, and the like are not sanctioned EHR (such as email, file directories, etc.). These devices are not part of the organization’s HIPAA compliant system, and never can be. Most healthcare providers ignore the problem, which eventually leads to catastrophic security failures resulting in patient privacy breaches, and career damaging incidents for the healthcare IT department.
To eliminate the problem, IT needs to look to integrate an information governance framework that can:
Interview employees to understand how they deal with and understand this issue.
Audit, usually done with software systems, to provide objective evidence and quantification of the presence of PHI on your digital systems.
Set specific policies and procedures employees can follow in each and every situation when they come into contact with “patient distributed information.”
Provide raining and review of policies and procedures work.
Automate the policies and procedures with software systems to ensure compliance.
Surveil your digital systems is the best way to monitor and review your program, as well as seek to improve it.
Acknowledge the increasing presence of patient distributed information on your digital systems, and have a plan for how to address it. Look to information governance to establish a strategy and program to address patient distributed information. With the proper policies, procedures, training, and systems in place your organization will be able to effectively handle and mitigate the risks.
It’s obvious from the varying responses below that there are a plethora of health IT issues affecting a number of areas in and throughout hospitals. In reviewing a number of healthcare issues, the following thought leaders offer what they feel are the top IT issues in healthcare.
As is often the case in profiles such as this, the responses are diverse and varied. Do you agree with their assessments?
I work with hospitals nationwide and I find that the top issues facing the hospital are:
1. How to align the interests of the physician with the hospital in a world where the hospital takes risk? Physicians used to get paid by “time and material” in the old world and the hospital got paid by “contracted costs.” The new reality has both the physician and the hospital getting paid a fixed amount to then manage the cost of healthcare on a “fixed price” for lack of a better word. IT challenges: The tools in the “time and material” world are unsuitable to manage the new reality in a “fixed price” world. This is a top challenge.
2. Real-time P & L — If you ask a hospital CFO what the profitability of the current patients in Unit 10, they would give you a blank stare. This is because the do not know what they are going to get paid (the DRG or diagnosis-related group reimbursement) much less what their current costs are. Thus, the lack of visibility into managing costs creates havoc. IT challenges: Systems that can develop a view into costs and projected revenue require a lot of specialized people to provide the information even in hospitals that have a partial solution. Most hospitals do not know where to turn for new ways of thinking. This is a big IT challenge.
Doug Nebeker, owner and technical expert, Power Admin LLC Staying on top of compliance and auditing tasks is a top issue facing hospital IT departments today. As more and more data moves into the digital space, IT departments can easily become overwhelmed as staff gets bogged down with the tedious task of trying to keep track of what’s happening where in the system. Network monitoring software is seeing a boom as a result, quickly becoming an IT necessity for managing increasingly complex network auditing and compliance processes. Technology is meant to help, not hinder, and so as we continue to utilize it in new ways we must ensure our process management keeps pace.
Hospitals and other healthcare organizations will always have the need to exchange “unstructured” data. While there is a large focus on meaningful use, ICD and other mandates, many hospitals and organizations are not taking into account the need to quickly, affordably and securely transmit unstructured data while also staying HIPAA compliant. One of the main issues is that public cloud services are not HIPAA compliant. Healthcare organizations can work around this by extending their existing fax server solutions to the hybrid cloud, allowing both custom and popular EHR applications to communicate with each other via a private secure network, guaranteeing delivery with military grade end-to-end encryption. By eliminating the need for costly and cumbersome network fax systems, such as fax boards and recurring telephony fees, hospitals can leverage the hybrid cloud to swiftly manage all business-critical fax communications while staying HIPAA compliant.
David S. Finn, CISA, CISM, CRISC, ISACA professional influence and advocacy committee member, health IT officer, Symantec Healthcare is undergoing fundamental changes in reimbursement, care delivery models and the technology required to make these changes. Technology and information is no longer an adjunct to the business of healthcare — it is a strategic imperative. This information, however, is among the most regulated and protected information under the law. The data must be shared more widely with more people and organizations, all the while with stricter security and privacy controls. At a high level, the most critical issues facing health IT are:
1. Security and Privacy Healthcare, historically, has not invested in nor staffed appropriately in terms in of Privacy and Security. Providers and business associates need to catch up with other regulated industries and those targeted for the value of their data.
2. Data Management The digitization of healthcare has led to the massive collection of data. As healthcare becomes more dependent on this data, the storage, protection, back-up and recovery of the data is critical. It must include disaster recovery/business Continuity.
3. Interoperability and Information Exchange Affordable Care Organizations (ACO), health information exchanges (HIE) and new care delivery models (home care, remote monitoring and other requirements) will drive information exchange.