Last year, 2015, was a year of buildup, anticipation, and finally some bold moves to propel healthcare technologies forward, specifically regarding interoperability of data. The Office of the National Coordinator, under the auspices of the Department of Health and Human Services, released the long-awaited and much-debated meaningful use Stage 3 requirements in October. All the players in the health tech space were awaiting the final verdict on how Application Programming Interface (API) technology was placed into the regulations, and the wait was worth it, regardless of which side of the fence you were on. Before we get into the predictions, though, a little background knowledge about these technologies, and their benefits, will be helpful.
API Overview
An API is a programmatic method that allows for the exchange of data with an application. Modern APIs are typically web-based and usually take advantage of XML or JSON formats. If you are reading this article, you almost inevitably have used apps that exchange data using an API. For example, an application for your smartphone that collects data from your Facebook account will use an API to obtain this data. Weather apps on phones also utilize an API to collect data.
HL7 Overview
Next, let’s take a look at the history of interoperability of healthcare data. HL7 2.x is a long-standing method to exchange healthcare data in a transactional model. The system is based on TCP/IP principles and typically operates with Lower Layer Protocol (LLP), which allows for rapid communication of small delimited messages. The standard defines both the communications protocol and the message content format. No doubt about it, HL7 2.x is incredibly effective for transactional processing of data, but it has been limited in two key areas:
A pioneering developer of a successful HL7 interface engine once said: “Once you have developed one HL7 interface … you have developed one HL7 interface.” The standard exists, but there is nowhere near enough conformity to allow this to be plug-and-play. For example, a patient’s ethnicity is supposed to be in a specific location and there is a defined industry standard list of values (code set) to represent ethnicity. In reality, the ethnicity field is not always populated and if it is, it rarely follows the defined code set.
HL7 is an unsolicited push method, which means when a connection is made, messages simply flow from one system to another. If you are attempting to build a collection of cumulative data over time, this is a mostly sufficient method, but what you cannot do is ask a question and receive a response. Although some query/response methods have existed for years, their adoption has been very sparse in the industry.
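The conformity gap described above can be checked at the receiving interface before a message is trusted downstream. The following is an added example, not code from the article: it assumes the ethnicity field is PID-22 coded with HL7 Table 0189 (H, N, U) and that an LLP frame is delimited by 0x0B at the start and 0x1C 0x0D at the end; the function names and sample messages are constructed for illustration.

```python
# Added example: conformity check for the ethnicity field of an HL7 v2.x message.
# Assumptions (not from the article): ethnicity is PID-22, coded with HL7 Table 0189,
# and LLP framing is <0x0B> message <0x1C><0x0D>.

ETHNIC_GROUP_TABLE_0189 = {"H", "N", "U"}  # Hispanic or Latino / Not Hispanic or Latino / Unknown
START_BLOCK, END_BLOCK = b"\x0b", b"\x1c\r"


def unwrap_llp(frame: bytes) -> str:
    """Strip the LLP framing bytes; reject frames that are not fully delimited."""
    if not (frame.startswith(START_BLOCK) and frame.endswith(END_BLOCK)):
        raise ValueError("not a complete LLP frame")
    return frame[len(START_BLOCK):-len(END_BLOCK)].decode("ascii")


def check_ethnicity(message: str) -> str:
    """Return 'conformant', 'missing' or 'nonconformant:<values>' for PID-22."""
    segments = [s for s in message.split("\r") if s]
    if not segments or not segments[0].startswith("MSH") or len(segments[0]) < 8:
        raise ValueError("message does not start with an MSH segment")
    field_sep = segments[0][3]       # MSH-1 is the field separator itself
    component_sep = segments[0][4]   # first encoding character in MSH-2
    repetition_sep = segments[0][5]  # second encoding character in MSH-2
    pid = next((s.split(field_sep) for s in segments
                if s.startswith("PID" + field_sep)), None)
    if pid is None:
        raise ValueError("no PID segment")
    raw = pid[22] if len(pid) > 22 else ""  # senders may omit trailing fields
    if not raw:
        return "missing"
    # Coded element: the identifier is the first component of each repetition.
    codes = [rep.split(component_sep)[0] for rep in raw.split(repetition_sep)]
    bad = [c for c in codes if c not in ETHNIC_GROUP_TABLE_0189]
    return "nonconformant:" + ",".join(bad) if bad else "conformant"


def sample_frame(pid22: str) -> bytes:
    """Constructed sample: a minimal ADT^A01 carrying only the fields used here."""
    msh = "MSH|^~\\&|SENDER|HOSP|RECEIVER|HIE|20160101120000||ADT^A01|MSG0001|P|2.5"
    pid = ["PID", "1", "", "12345^^^HOSP^MR", "", "DOE^JANE", "", "19800101", "F"]
    pid += [""] * (22 - len(pid)) + [pid22]  # pad so the value lands in PID-22
    body = "\r".join([msh, "|".join(pid)]) + "\r"
    return START_BLOCK + body.encode("ascii") + END_BLOCK


if __name__ == "__main__":
    for value in ("H^Hispanic or Latino^HL70189", "", "Hispanic", "99"):
        print(repr(value), "->", check_ethnicity(unwrap_llp(sample_frame(value))))
```

Counting the `missing` and `nonconformant` results per sending system gives an interface team a concrete measure of how far each feed departs from the standard.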
2016: Year of the Healthcare API
If you are a physician with an electronic health record (EHR) system and you accept Medicare patients, you likely have gone through the process of becoming meaningful use (MU) certified, which means you have purchased an EHR software solution certified by the ONC. This EHR must follow guidelines of technical features, and physicians must ensure they utilize those features in some manner. In October 2015, the ONC released MU Stage 3 criteria (optional requirement in 2017, mandatory in 2018) which includes this game changer: A patient has a right to their electronic health information via an API.
Guest post by Ben Weber, managing director, Greythorn.
This is the time of year when people are looking into their crystal ball, and telling all of us what they see happening in the next 12 months. Some of these predictions will be wild (aliens will cure cancer!) and some will be obvious (more health apps in 2016!). But how many will be helpful?
As I gaze into my own crystal ball, I have to admit I’m also peeking at my email (I like to multi-task). I can’t really say if it’s inspired by the swirling lights of the magic orb on my desk, or if it’s because of the inquiries from clients, messages from my management team and RFPs from various hospital systems … but I also have a prediction for the New Year: 2016 will be the year of migration for Epic and Cerner consultants.
The United States healthcare industry has made great progress in EHR implementation—to the point where implementation is no longer the primary conversation we’re having. Now we’re discussing interoperability, if we’re using ICD-10 codes correctly, how and if we should integrate the data collected from wearable fitness technology, and more. Those discussions—and the decisions made as a result—will continue to require human intelligence and power, but in 2016 there will be a decreased demand for consultants on these projects. Healthcare IT professionals who have grown accustomed to this kind of work will either have to settle into full-time employment—or turn their nomadic hearts north to Canada.
Our neighbors on the other side of the 49th parallel are ramping up their EHR implementations, which is good news for consultants interested in using their passports. Implementations in the US are slowing down, and while there is still work available, it is not as constant and may not command the same hourly rates as in years past. Meanwhile, several leading Canadian healthcare IT organizations have already warned of a looming talent shortage in their country (source), the effects of which are beginning to be felt.
Epic and Cerner specialists are particularly in demand, as there is a dearth of experienced talent. Out of the Canadian healthcare IT professionals who have worked with an EMR, 28 percent report familiarity with MEDITECH, 13 percent with Cerner, and 7 percent with McKesson. Only 4 percent have worked with Epic, according to the 2015 Canadian Healthcare HI & IT Market Report.
Interoperability will be healthcare IT’s biggest trend in 2016 as the industry finally sees momentous forward movement.
In fact, interoperability is not a new trend. It has been an important mission (and a challenge) for healthcare administrators for decades, but the past couple of years have been game-changing:
First, the U.S. Department of Health and Human Services (HHS) wants interoperability to be a common feature in all EHRs by 2024 so that patient data can be shared across systems to provide better care at a lower cost. Since the 2009 passage of the Health Information Technology for Economic and Clinical Health Act (HITECH), a $30 billion initiative to accelerate EHR adoption, more than 433,000 professionals (95 percent of eligible hospitals and 60 percent of eligible professionals in Medicare and Medicaid programs) have received incentive payments.
Second, the HHS’s ambitious announcement that mandates moving 50 percent of Medicare payments from fee-for-service-based to value-based alternatives by 2018 puts care coordination and interoperability at center stage. This historic initiative is transformational for patient-centered care based on accountability and outcomes and is the first step toward achieving better health overall with lower cost.
Third, there’s been significant industry momentum with more than 40 organizations coming together to work on HL7 FHIR (Fast Healthcare Interoperability Resource), dubbed “Project Argonaut,” an industry-wide effort to create a modern API and data services sharing between the EHR and other healthcare IT systems based on Internet standards and architectural patterns. Project Argonaut began in December 2014 and has made impressive progress. And while still evolving, the recently released Stage 3 meaningful use rules have emphasized interoperability — more than 60 percent of the proposed measures require interoperability, up from 33 percent in Stage 2.
Guest post by James Carder, CISO of LogRhythm, VP of LogRhythm Labs.
This year’s biggest health data breach victims include insurers Premera and Anthem, where incidents affected nearly 100 million patients combined. It’s clear that healthcare organizations must strengthen their cyber security programs to protect themselves and their patients, or they’ll be targeted again and again. Strategically, healthcare organizations must change the way they have operated for the past 30+ years with regard to their behaviors and their use of IT. Cyber security is now a key business differentiator as both patient care and safety are paramount to a hospital’s ability to remain a trusted provider. The hospital of the future is one that incorporates these protection measures into its business brand, thereby recruiting, retaining and reinvesting in patients.
As we start out 2016, here’s what I think we’ll see going forward:
Healthcare IT security will continue to fall further and further behind the rest of the industry verticals
Healthcare IT security will continue to fall further behind the rest of the industry verticals. Healthcare organizations are focusing on functionality for patient care (rightfully so), and security is an afterthought. Many organizations are overly dependent on antiquated hardware and software, with inherent vulnerabilities, that could inadvertently put patients in danger. There has never been a real investment in information security, so the cost to catch up to industry standards and shed the label of being the hackers’ “low hanging fruit” is that much more expensive. The industry will continue to be targeted by sophisticated and organized attackers until a serious investment is made in both technological and human capital.
The medical record is a relative goldmine of information and, as such, a highly valuable target for all classes of attackers, ranging from financial crime groups to nation state threat actors. The number of items a hacker has access to and the way in which the information can be used is more extensive. Stolen data can be re-used by a hacker over and over again. So, in addition to this general prediction, I also think that at least one of the U.S. News and World Report top 10 hospitals will go public with a breach through outside channels.
Healthcare IT (security) spend will be the highest it has ever been, doubling the spend of 2015
Despite my first prediction, healthcare organizations will invest a lot of money in IT security technology and human resources, doubling the spend of 2015. Although the executives may fund the security department, a security culture might not trickle down to the rest of the organization. The person in charge of security might be accountable for security, but the buy-in must come from the board of directors down through every level of the organization. Staff and the clinicians must understand what they are doing is making the organization a safer place for them and their patients–their effective security behaviors allow clinicians to do their job in treating patients better.
At least one major medical device manufacturer will have to go public with a vulnerability that could fatally affect patients
Medical device vendors and manufacturers have never taken security seriously. They are primarily looking for functionality for patient care and ease of administration and maintenance. A medical device is a computer system with one end attached to the patient, providing critical patient care, and the other end attached to the corporate network or Internet. Just like most devices on the network, a medical device runs a known operating system, vulnerable to the myriad exploits that affect any computer. Based on the risk profile of a medical device, it should be subject to the highest security standards in the industry, but unfortunately it is not. If someone can hack into a Windows XP box that is unpatched with exploitable vulnerabilities, someone can hack into an XP-based medical device. I predict that another medical device manufacturer will disclose an easily exploitable vulnerability that could put patients at direct risk. I also predict that an attacker will exploit a medical device and use it as a bridge into a company’s corporate network to facilitate a breach.
Guest post by Anand Natampalli, MBA, vice president, global business development, HGS, and Daniel A. Schulte, MBA, CHFP, senior vice president, provider healthcare, for HGS.
If there is one constant in healthcare and health IT it’s change. Technological advances, growing workforce needs, regulatory reforms, and the continued shift to value-based care will all continue to have a profound impact on the industry in the coming year. Here is what we think will be the major changes affecting payers and providers:
Payer Predictions:
Data Grows More Critical in a Value-Based World
Payers used to leverage analytics to look for ways to reduce operational costs. In 2016 and beyond, the focus will be on creating highly targeted products, channels and service offerings that keep patients healthier. For example, payers will use highly personalized behavioral data to make wellness recommendations for members. This targeted approach to wellness is possible with analytics, resulting in higher adoption rates compared to traditional outreach.
Greater Focus on the Customer Experience
Members purchasing health insurance on the exchanges will be faced with a choice each year, and those choices will be right in front of them for them to compare. A poor customer experience this year will increase the likelihood of finding a new payer next year. Based on 2014-2015 data, 38 percent of members changed their health plans in state exchanges within one year. With price points remaining comparable, customers will continue to look to service and experience as key differentiators when choosing a health plan.
Provider Predictions:
Engagement and Activation
Technologies that enhance and improve patient engagement and activation will be critical to healthcare moving forward. Through population health management we are learning more about how to create wellness strategies and to stratify patient populations based on their conditions and adjust for nuances in age, race, diagnostic groups, and the like.
Guest post by Kirk Larson, national CIO, healthcare, NetApp Inc.
As we start a new year, let’s take a moment and take stock of the past 12 months. Like an annual physical, it gives us a chance to take a pulse check on the industry and see what the next year has in store – the opportunities and the obstacles.
During 2015, we had the opportunity to chat candidly with CIOs, healthcare technology partners and healthcare providers to discuss the big questions affecting the industry:
— What are the big topics the industry will be focused on?
— What changes do you see coming?
— What new challenges lie ahead and what new technologies will help us overcome them?
Based on these discussions, here are some of the key trends healthcare CIOs can expect in 2016:
Electronic Health Record (EHR) Optimization
As healthcare organizations move beyond the implementation phase of EHRs, CIOs and IT are refocusing their efforts towards enhancing care workflow and benefits realization by way of optimizing the IT infrastructure. Basically, the status quo of overspending on legacy hardware is no longer being tolerated.
While the high availability, performance and security requirements for IT infrastructure certainly aren’t lessening anytime soon, IT is feeling greater cost pressures to run EHRs more efficiently. As a result, organizations are looking to simplify IT operations for running on-premises data centers with improved data management solutions, with the end-goal of moving toward building their own private clouds.
In addition to greater cost efficiency, we are seeing a growing demand for increased agility of IT services. As such, organizations are looking to advanced analytics capabilities as a means of achieving greater responsiveness. But before they can reap the benefits of employing a population health management system, IT needs to shift from tired legacy IT environments to highly agile IT infrastructure.
Population Health Management
Population health management programs have long been used by healthcare insurers to increase wellness and decrease claims cost. Organizations leverage multiple data sources, such as EHRs, pharmaceutical data and insurance claims, to enhance and preserve wellness, as well as programs that are anticipatory and pre-emptive in design.
Data breaches and HIPAA violations became common, almost daily, news in 2015, exposing sensitive client information with devastating results. Understanding HIPAA compliance will be critical in 2016, especially since the Office for Civil Rights (OCR) will begin a new round of HIPAA audits.
In spite of record spending on firewalls, anti-virus software, malware detectors and the widget of the day, healthcare organizations keep getting hacked because the focus is in the wrong place. Here are three trends taking presence in 2016 that can help any organization fight the good fight against cyberattacks.
Buying Technology Alone is a Security Strategy That Does Not Work
Healthcare is under constant pressure to safeguard assets; however, too many firms focus on security for HIPAA compliance and then call it a day. Compliance is a legal necessity, but organizations expose themselves to cyberattack when they use technology as a crutch. Many organizations will need to look at their operations as a critical network and seek ways to defend it.
A majority of breaches are from data that has been stolen, via record removal, virtually and physically. We see the trend in 2016 shifting from technology to people if healthcare organizations are going to defeat hackers.
Focus on the Human Element
Examine the largest data breaches of 2015. Technology did not protect the vast majority of these companies. In each case, data was breached due to hackers successfully exploiting humans.
The proliferation of mobile devices in healthcare, like smartphones and tablets, has also made the human element even more vulnerable because this area of security is often overlooked and is, in fact, the weakest link.
Technology is only as good as the people who use it and is merely a tool in the fight against cybercrime. Technology alone cannot fully protect an organization’s data, networks, or interests. This is a trend in 2016 and beyond that must be recognized if organizations hope to safeguard patient records.
Guest post by Jean Van Vuuren, regional vice president, Alfresco.
Hospitals, clinics and other healthcare organizations are constantly evolving due to the proliferation of technology, the increasingly digital workforce and advancing patient expectations. In addition to evaluating the constant flow of new technologies in the healthcare market, they must be nimble to meet the technological needs of healthcare workers and patients. In addition, the increasingly multigenerational workforce has varying requirements when it comes to technology, organizational culture and career progression. Finally, it is becoming more important for healthcare organizations to deliver a consistent patient experience. Today’s patient is better informed, more in sync with their health and expects a superior healthcare experience. To address these somewhat competing forces, healthcare organizations will focus on consolidation, integration and digitization in 2016.
Consolidation
Shared services is a growing model across industries, and healthcare organizations will follow this trend in 2016. This model allows organizations to consolidate tools and processes to meet a number of needs across their organizations. Hospitals, clinics and other healthcare facilities will look to take existing services and the tools that support them, and coalesce them into a more agile and flexible platform for IT solutions that support their entire organizations. For example, hospitals that have a system to manage EHRs and a different system to manage employee records may be able to use one, the other or an entirely new system to address both needs (and, potentially, others across the organization). The latter would obviously involve the decommissioning of legacy applications in favor of more robust tools that are open, have flexible deployment options and support mobility.
Integration
Similarly, healthcare facilities will only be able to meet the technological, organizational and clinical needs required today by employing tools that integrate not only with the systems they already have in place, but also with the tools that employees and patients use both personally and professionally. And, in 2016, they will focus on integration, bringing in technology that can work with many other tools now and into the future. Using the example above, if a healthcare organization has an EHR system that they plan to keep, but they also want to get another system to manage employee records, they will seek to purchase a tool that integrates with their current EHR system. And for good reason.