It’s obvious from the varying responses below that there are a plethora of health IT issues affecting a number of areas in and throughout hospitals. In reviewing a number of healthcare issues, the following thought leaders offer what they feel are the top IT issues in healthcare.
As is often the case in profiles such as this, the responses are diverse and varied. Do you agree with their assessments?
Badri Narasimhan, founder and CEO, AlertMD LLC
I work with hospitals nationwide and I find that the top issues facing the hospital are:
1. How to align the interests of the physician with the hospital in a world where the hospital takes risk? Physicians used to get paid by “time and material” in the old world and the hospital got paid by “contracted costs.” The new reality has both the physician and the hospital getting paid a fixed amount to then manage the cost of healthcare on a “fixed price” for lack of a better word. IT challenges: The tools in the “time and material” world are unsuitable to manage the new reality in a “fixed price” world. This is a top challenge.
2. Real-time P & L — If you ask a hospital CFO what the profitability of the current patients in Unit 10, they would give you a blank stare. This is because the do not know what they are going to get paid (the DRG or diagnosis-related group reimbursement) much less what their current costs are. Thus, the lack of visibility into managing costs creates havoc. IT challenges: Systems that can develop a view into costs and projected revenue require a lot of specialized people to provide the information even in hospitals that have a partial solution. Most hospitals do not know where to turn for new ways of thinking. This is a big IT challenge.
Doug Nebeker, owner and technical expert, Power Admin LLC
Staying on top of compliance and auditing tasks is a top issue facing hospital IT departments today. As more and more data moves into the digital space, IT departments can easily become overwhelmed as staff gets bogged down with the tedious task of trying to keep track of what’s happening where in the system. Network monitoring software is seeing a boom as a result, quickly becoming an IT necessity for managing increasingly complex network auditing and compliance processes. Technology is meant to help, not hinder, and so as we continue to utilize it in new ways we must ensure our process management keeps pace.
Paul Banco, CEO, etherFAX
Hospitals and other healthcare organizations will always have the need to exchange “unstructured” data. While there is a large focus on meaningful use, ICD and other mandates, many hospitals and organizations are not taking into account the need to quickly, affordably and securely transmit unstructured data while also staying HIPAA compliant. One of the main issues is that public cloud services are not HIPAA compliant. Healthcare organizations can work around this by extending their existing fax server solutions to the hybrid cloud, allowing both custom and popular EHR applications to communicate with each other via a private secure network, guaranteeing delivery with military grade end-to-end encryption. By eliminating the need for costly and cumbersome network fax systems, such as fax boards and recurring telephony fees, hospitals can leverage the hybrid cloud to swiftly manage all business-critical fax communications while staying HIPAA compliant.
David S. Finn, CISA, CISM, CRISC, ISACA professional influence and advocacy committee member, health IT officer, Symantec
Healthcare is undergoing fundamental changes in reimbursement, care delivery models and the technology required to make these changes. Technology and information is no longer an adjunct to the business of healthcare — it is a strategic imperative. This information, however, is among the most regulated and protected information under the law. The data must be shared more widely with more people and organizations, all the while with stricter security and privacy controls. At a high level, the most critical issues facing health IT are:
1. Security and Privacy
Healthcare, historically, has not invested in nor staffed appropriately in terms in of Privacy and Security. Providers and business associates need to catch up with other regulated industries and those targeted for the value of their data.
2. Data Management
The digitization of healthcare has led to the massive collection of data. As healthcare becomes more dependent on this data, the storage, protection, back-up and recovery of the data is critical. It must include disaster recovery/business Continuity.
3. Interoperability and Information Exchange
Affordable Care Organizations (ACO), health information exchanges (HIE) and new care delivery models (home care, remote monitoring and other requirements) will drive information exchange.
Mike Lanciloti, vice president of product management and marketing, Spectralink
IT issue: BYOD. Hospital IT managers are quickly learning how the influx of consumer-grade devices, such as the iPhone, into the hospital setting can be a bigger problem than it initially appears. Doctors, nurses and other hospital staff do require the portability and information sharing capability that smartphones can provide, but personal devices introduce IT issues on multiple fronts. They do not have the security often required for enterprise-owned devices, they lack interoperability with hospital systems like EHR, and the short battery life of consumer devices isn’t ideal for long shifts. In short, BYOD in the hospital can actually complicate patient care and inhibit effective communication between staff. Many hospital CIOs and IT managers seeking greater control are turning to in-building mobile devices that function as smartphones — using texting, voice and many other features — but that operate within the confines of a hospital and its Wi-Fi network.
Yvonne Li, co-founder and VP of business development, SurMD
I believe the top IT issues facing hospitals currently is data storage security. As data breeches become more and more common, it is imperative to protect patients health data and records while at rest (storage) as well as in flight (being transferred) to minimize health identity fraud. Ensure your storage provider utilizes HIPAA regulations can aid in ensuring data security.
To address security, it is important to create several points of unique user identification, authentication and automatic log off timers. Data must be encrypted during transferring and later decrypted once received. Data at rest refers to inactive data which is stored on the cloud, on mobile devices, thumb drives, and other inactive mediums.
Protecting the physical devices and mediums information is stored on is just as important as the data itself. Physical safeguards such as facility access controls (who are allowed on the devices), proper workstation use and security regulations should be put in place.
Lastly, monitor activity. Regularly review system activity, logs, and logins to be informed on who is accessing data and when.
Jason Wang, founder and CEO, TrueVault
The biggest IT challenge hospitals face today is meeting increasing demand from patients for data and information accessibility. Consumer-facing technologies such as Apple Health, Google Fit and Apple AirDrop are causing patients to expect more from medical providers.
Common questions hospitals field from patients:
“I want to video chat with my doctor. That means my doctor needs to access
my medical history remotely. How can we set that up?”
“I’m using Fitbit/Apple Watch/some other wearable. What are the benefits of my sharing this data with you?”
“Can I download my CAT scan to my iPhone so I can get a second opinion?”
In a nutshell, patients want their medical data to flow back and forth as smoothly as their social data. That requires hospitals to find secure ways to provide third-party access to historically walled-off records. Integrating with legacy systems, ensuring security and privacy, and working within regulatory guidelines and budget realities is a challenge all hospital IT teams face. Prioritizing the effort and finding the right partners is the next step for these organizations. Vendors are starting to target this need with new security solutions.
John Tempesco, senior director, operations, Healthcare Group at AtHoc, Inc.
Healthcare organizations have implemented clinical information systems which are now used as an integral part of patient workflow. As these systems expand deeper and deeper into the clinical workflow across the continuum of care, the dependency on them continues to increase. It causes a great deal of frustration and confusion within the practice of medicine if there is an IT outage. Whether they’re down because of a scheduled or unscheduled event, or due to an emergency situation, healthcare cannot stop because an essential tool is unavailable.
Mass notification systems are being used to ensure business continuity during an IT outage. After Kaiser Permanente implemented AtHoc’s mass notification system, the time to inform everyone of an IT outage was cut from more than two hours to two minutes. In two minutes, via a mass notification system that used phone calls, texts, emails, or desktop pop-up alerts, the organization was able to communicate awareness of an outage and also provide a link to a shadow network that could be used temporarily until the main network was back up and running.
It is now also used to reach out to a targeted list of individuals identified as needed to address a variety of outage scenarios. The process has reduced downtime due to IT outages by 50 percent.
Michael DeLuca, executive vice president of technology and client services, Prodigo Solutions
It’s become imperative for hospitals and health systems to have the right technology in place to manage contract compliance. Why? Technology can enable health systems to save millions of dollars by minimizing off-contract supply chain spend and maximizing supplier rebate programs, which are incredibly important to the bottom line especially amid declining reimbursements. Many health systems today are managing compliance with the help of their legacy item master repository, which often doesn’t contain enough information to adequately support contract compliancy programs, namely at the point-of-purchase. Health systems that have found the limitations of the item master to be too great, are augmenting existing technology to enrich data and to improve search capabilities. New content management solutions can consolidate and enrich dispersed data as well as provide real-time visibility into what the health system bought by category, by company, by item, against the contract terms, where it was relative to year-to-date, how much was saved, and who bought it. I believe leveraging recent technology enhancements to manage contract compliance at the point-of-purchase is one of the top IT investments the C-suite will prioritize in the near term because of the compelling business case. It’s hard to ignore the dramatic savings potential.
Todd Feinman, CEO, Identity Finder
As seen in other industries, the healthcare industry is facing significant risk as it relates to the leakage of sensitive information, specifically Protected Health Information (PHI). A sensitive data management program is imperative for all healthcare providers but hospitals in particular.
The Health and Human Services Department has reported that there are many breaches in the healthcare industry each year. Recently, New York Presbyterian Hospital and Columbia University paid a $4.8 million fine in violation of HIPAA after inadvertently leaking records of 6,800 patients to the Internet. The hospital must also invest in risk mitigation measures to prevent similar occurrences from happening again. Along those same lines, a Javelin Strategy & Research study released in April 2014 found that 30 percent of consumers would avoid their healthcare provider after a breach, which shows that in addition to regulators, patients also find data protection important. It’s clear that hospitals must prioritize sensitive data discovery and data classification to avoid reputational damage, compliance and legal costs.
Steven Joe, executive vice president of channel business for Americas, ZyXEL
Health IT is a critical component to any healthcare facility, and rural hospitals and healthcare institutions are no exception. With all the advancements in IT including higher broadband speeds, faster networks and increasing consumer adoption of smart mobile devices – relevant medical information has become portable and real time. Consumers are also more tech-savvy and have higher expectations from critical service facilities like healthcare. Hospitals are answering the call by equipping staff with mobile devices. This trend, while increasing staff productivity and patient care, also exposes network bottlenecks and security issues. A high-performance wireless network that can be segmented into multiple isolated networks (i.e. – one for employees, one for patients and one for equipment), ensures sensitive data remains secure, the patient experience is enhanced and productivity increases. Gigabit VPN Firewalls with content filtering can protect critical medical information while blocking malware without slowing down performance. So a fast, reliable and secure Wi-Fi network is essential to both urban and rural healthcare organizations.
Kathryn M. Bennett, senior program manager, Standards Technical Program Operations, IEEE Standards Association
Hospitals are designed with the intent to help provide quality patient care. However, what happens when the technology to support those hospitals does not readily allow for it? It makes the jobs more difficult for all parties involved. From what we have seen, some of the top technological challenges facing hospitals fall into the following categories:
- Device Interoperability: While not remote to the healthcare systems, the concept of interoperable devices and the datasets that reside on those devices is important.
- Hospital Grade Wi-Fi: The ability to safely and securely allow for the usage and management of the wireless infrastructure within a hospital setting.
- Asset & Supply Management: Efficient management of inventory costs through the use of location based services.
From my viewpoint, the standardization work that key industry leaders and stakeholders are helping to drive will effectively support hospitals in addressing the outlined challenges. I invite those that would like to learn more about the exciting work that the IEEE is doing in these spaces to see our work in the IEEE 11073, IEEE 802.11 and RTLS initiatives, and to reach out to me if you have any questions regarding these or any of the many projects at the IEEE.
Dr. Robert J. Monteverdi, director, Health and Life Sciences Global Practice, SAS
One of the top issues facing health systems today are the numerous technology challenges, and none loom larger than the need to capitalize on the massive amount of underutilized data to better understand and negotiate this rapidly changing landscape. The emphatic shift of risk transfer toward the nation’s providers requires both discovery of and adherence to the delivery of meaningful value. In response to the shift from volume-based to value-based payments, multiple proposed revenue models continue to coexist and undergo testing.
Understanding all one can regarding care episode reimbursement, inclusive costs, quality of outcomes and patient satisfaction is a key cornerstone to successfully engage in these shared risk models. This requires an automated aggregation of those multiple disparate data sources, utilization of sound data management methodologies to map, transform, govern and secure the data, with subsequent application of sophisticated high performance analytics to gain the desired knowledge and insights.
As health systems commit the necessary investment enabling them to determine, analyze, improve and subsequently optimize the balance of quality outcomes vs. required operational margins, the more empowered they will be to capitalize on opportunities presented by this evolving world of healthcare risk management and the search for true value.
Chirag Patel, founder and managing partner, Highnote Foundry
As the healthcare industry responds to the Affordable Care Act and new cost procures, all healthcare providers, including hospitals, will need to use data to make smarter decisions about treatment protocols and manage insurance costs based on treatment efficacy and evidence of outcomes
In addition, hospitals are starting to provide remote treatment and monitoring via connected devices, shifting care to become more preventative/pre-emptive (Mayo clinic backed Better is an example of this)
One other way hospitals should use business intelligence models is to optimize scheduling and staffing, as well as supply chains and lower procurement costs.
Francis J.M. Turner, vice president product management and OEM, Threatstop
Do you know if your MRI machine sends pictures to China?
That’s not a joke question. It has happened more than once. How? MRI machines and many other critical pieces of medical infrastructure are controlled by PCs running Windows. Frequently this is still Windows XP and even when it isn’t the controller is unlikely to be fully up to date on patches. They are also connected to the same network doctors and nurses plug laptops into to get the X-ray or MRI images. Unless those laptops are kept inside the building and are used only for medical business, the chances are high that some of them have malware on them and that malware will happily spread to the controller PCs that the laptops connect to.
The key is to prevent unauthorized data exfiltration, and the best way to do that is to limit the access of controller PCs to external networks. A controller PC in a US hospital has no need to talk to the Ukraine or China (or even, arguably, to most of the US) so firewalls should be configured to block and log attempts to contact remote locations by controller PCs.