Guest post by Ben Oster, product manager, AvePoint.
Balancing the strategic needs of a business with the user-friendliness of its systems is a daily struggle for IT pros in every industry. But for healthcare organizations, safeguarding the data living in these systems can be especially daunting. According to a study by the Ponemon Institute, healthcare is a minefield for various security hazards. Within the last two years, 89 percent of healthcare organizations experienced at least one data breach that resulted in the loss of patient data. As healthcare businesses and the patients they serve adopt a mobile-first approach, providers must strike a balance between innovation and risk to prevent patient data (and internal information) from falling into the wrong hands.
The use of mobile devices and apps certainly enhances patient-provider relationships, but these complex information systems present new concerns surrounding compliance, security, and privacy. As employees and patients increasingly adopt smartphones, tablets, and cloud-based software into their daily lives, healthcare leaders must prioritize users’ needs while mitigating security risks. Mastering this dynamic requires healthcare companies to balance mobility trends like BYOD and cloud computing with regulatory requirements like HIPAA.
To lower the risk of data breaches, healthcare organizations need to defend their systems by identifying, reporting on, and safeguarding sensitive data. Here are a few steps the healthcare industry can take to join the mobile revolution without compromising security:
Start with discovery – Traditionally, healthcare organizations have taken a “security through obscurity” approach to protecting data. In other words, they have relied on the ambiguity of the data in their systems to ward off malicious attacks and breaches. But as technology emerges that personalizes patients’ end-user experience – such as online patient portals and electronic medical records – healthcare organizations’ data becomes less obscure. With patients and medical staff accessing this data through a range of devices and workflows, knowing precisely what content exists in a healthcare organization’s infrastructure is essential to security. That’s why discovery is the first step to safeguarding content. Healthcare IT teams should also roll out internal classification schemas to determine which user groups need access to this data. By categorizing content based on these factors, healthcare companies can lay the framework for a truly secure system.
Ask anyone involved in the world of clinical trials about the biggest trend facing the industry, and undoubtedly they will say “BYOD.” The idea of allowing patients to use their own mobile devices to report data related to their trial participation isn’t necessarily a new one, but with more people using smartphones and tablets than ever before, it’s moved to the forefront of discussions about the best way to manage eCOA data collection.
Why BYOD Is Gaining Traction
On the surface, incorporating BYOD into eCOA seems like a perfect, and obvious, solution. Using dedicated applications on devices that they already own and are familiar with — and most likely have on them most of the time — patients can enter data easily, and in real time. The benefits don’t end there, either.
Cost — One of the most significant cost centers for clinical trials, accounting for about a third of the costs of clinical trials, is reporting. More specifically, those costs are incurred in the provisioning of devices for study participants to use in reporting their data. With BYOD, those costs are reduced significantly.
Improved Engagement and Compliance — BYOD in clinical trials removes some of the learning curve inherent in providing devices to participants. Patients are already familiar with how to work their devices, and generally use them on a regular basis, which has the effect of increasing their engagement with the study and making them more likely to record the data when and how they are supposed to. There’s no need to carry or learn about a second device, or go to any extra effort, which has the potential effect of improving the accuracy of study results.
Improved Access — Some experts argue that allowing patients to use their own devices for data collection can help increase access to clinical trials for patients living in remote areas. Currently, patients in those areas cannot participate in trials due to limited broadband, but reporting via cellular connections may open new opportunities.
Clearly, there are some significant benefits to using BYOD for clinical trials, and the potential for improved outcomes cannot be ignored. However, there are some concerns about BYOD in this capacity — concerns that have significantly affected adoption rates.
Since the beginning of what is known as the “Information Age,” paper has been viewed as a canvas to document ideas, record relevant material and deliver messages to prospective readers. Continued innovations in technology have given billions of workers the ability to connect seamlessly — oftentimes with little effort. Convenience and efficiency are deemed topline must-haves, as we have handy cloud services that digitize essential materials like images and documents. Thus, common tasks like writing letters or printing receipts are now seen as passé as they can be streamlined or, in some cases, avoided altogether by utilizing email, apps and/or direct electronic messages.
Paper serves as a conduit for information to be shared easily among several parties. Because of this, until there is one other common denominator that everyone can recognize, paper and the need to utilize it will remain evergreen for people of all ages. As the original device of modern communication, paper has long held its position as a lifeline for several industries, most notably in healthcare. As an industry that adopted mobile working styles to great effect, healthcare has still seen the use of paper as a mission-critical component to their quest of providing quality patient care. For instance, in the health sector, paper is required for appointment and insurance documentation, differentiating prescriptions for patients and communicating clinical decision-making and objectives.
As one of the standard ways of utilizing paper, printing is also seen as a surefire way to quickly and succinctly relay a set of messages into a clear, readable format. But with several tech vendors proudly touting their robust “paperless” capabilities in an effort to curb waste and conserve ink, it begs the question – in the long run, where will paper end up for our communication needs? Outside of the workplace, does it still make sense to consider printing and paper “dead” when it was one of the first sources of communication? Will it serve us or become obsolete in our electronically-dependent world? No. In truth, paper, in tandem with printing, will always be around in some capacity.
Today, one of the growing general notions of technology is that electronic sources of communication have eclipsed functions that were previously considered the norm. However, in the workforce, printing is a central, vital function. But what advances will industries have to make to maintain innovation and relevancy in an increasingly digital world? Continued flexibility to support mobile and BYOD work styles, compatibility with cloud documents and the bandwidth to securely support multiple print devices within a single environment are a few features that can help the healthcare sector evolve with the technological curve while still maintaining some of its classic characteristics.
Leading into HIMSS15, TEKsystems, a provider of IT staffing solutions, IT talent management expertise and IT services, highlights results that explore the current state of IT operations at healthcare organizations. The findings identify key objectives and challenges for healthcare IT teams, the skills most needed to meet those demands, as well as expectations for spending and confidence. The data is gleaned from information captured within TEKsystems’ 2013–2015 annual IT forecasts as reported by IT leaders (CIOs, IT VPs, IT directors, IT hiring managers) at healthcare organizations.
Key findings from the data include:
Expectations for IT Budget Growth Decrease in 2015; Yet Confidence Continues to Increase
Fifty-one percent of respondents expect their organization’s healthcare IT budget to increase in 2015, down from 68 percent that said the same entering 2014, and returning to levels seen entering 2013 (52 percent). Thirty-eight percent expect IT budgets to stay the same, a significant increase over 2014 (23 percent) and similar to levels of 2013 (41 percent).
Sixty-four percent are confident in their IT department’s ability to satisfy business demands in 2015, an increase over the 59 and 58 percent that felt confident heading into 2014 and 2013, respectively. Ten percent indicated they are unconfident in 2015, the same percentage as 2014 and down from 2013 (13 percent).
TEKsystems’ Take: Expectations for budget increases began to normalize last year. Following the ICD-10 extension by Congress, IT leaders felt less pressure to seek additional funding to meet those deadlines. Confidence has continued to grow even as budget increases have leveled out, now that organizations have core personnel in place or have developed other plans, such as outsourcing, to address workload concerns.
IT Support Aligns with Business Challenges; Focus Is on Improving Operations and Efficiency
2015 Rank (% of IT leaders)
Customer attraction, retention and satisfaction
Over the last three years, operationally focused areas (e.g., improving efficiency, reducing costs, improving existing IT applications and infrastructure, and managing risk) have all been cited within the top five business objectives that most need IT support.
2015 Rank (% of IT leaders)
Improving existing IT applications and infrastructure
Delivering operational results
TEKsystems’ Take: Now that healthcare organizations have identified the biggest challenges facing them in 2015, they are working to align IT support priorities to address those challenges. They have laid the foundations for their large IT initiatives and must shift focus to ensure that they are implementing new projects and establishing best practices in a way that allows them to make the most of existing investments. Increasing efficiency and making the most of these implementations will better position them to take on other projects in the future.
Most Impactful Technology Trends Include Business Intelligence (BI) / Big Data, Security, Mobility, Consumerization and Cloud; Expected Spending Increases Mirror These Areas
Over the last two years, healthcare IT leaders listed BI/Big Data, security, mobility and consumerization of IT/BYOD as the top four trends impacting their organizations.
Area of Impact
2015 Rank (% of IT leaders)
BI / Big Data
Consumerization of IT / BYOD
The majority of healthcare IT leaders expect to see spending increases in security (70 percent), mobility (61 percent), BI/Big Data (60 percent) and cloud (55 percent).
TEKsystems’ Take: These expectations for spending increases make sense considering that security, mobility, BI/Big Data and cloud are all cited as the most impactful areas and tend to have some interdependencies. These areas play a large part in how healthcare organizations can increase operational efficiency and risk management.
Hands-on Roles Still Most Critical For Success, Also Most Difficult to Fill with Exceptional Talent
“Doers” continue to be cited as the most critical positions for an organization to achieve success. In 2014 and 2015, project managers, help desk / technical support and programmers and developers were cited within the top four roles most critical to enabling success.
2015 Rank (% of IT leaders)
Help desk / Technical support
Programmers / Developers
In terms of the most difficult roles to fill, project managers rank No. 1, climbing two spots up from No. 3 in 2014. Security (No. 2), programmers and developers (No. 3), software engineers (No. 4) and architects (No. 5) also ranked within the top five most difficult positions to fill. BI (ranked No. 11 in 2013) ranks as the sixth most difficult position to fill, down from No. 5 in 2014.
More than half of healthcare IT leaders expect salary increases for project managers (55 percent), software engineers (53 percent) and programmers and developers (52 percent). Approximately one-third (34 percent) expect increased salaries for help desk / technical support.
TEKsystems’ Take: It’s not surprising that project managers and programmers and developers remain in the top four most difficult positions to fill, as these staff members are in the trenches ensuring that organizations continue to make the most of their IT investments to increase ease of use and efficiency. This value translates into greater expectations for salary increases as organizations seek to retain their developed talent.
Vast Majority Expect Staff Salaries to Rise; More Than Two out of Five Expect Full-time and Contingent Hiring Increases
Seventy-three percent of healthcare IT leaders expect overall IT salaries to increase in 2015. The remaining 27 percent expect salaries to stay the same, with no respondents expecting salary decreases.
Forty-three percent of healthcare IT leaders expect hiring for full-time IT staff to increase, while 52 percent expect hiring to remain the same. Just 5 percent expect to see a decrease.
Forty-two percent of healthcare IT leaders expect hiring for contingent IT staff to increase, while 52 percent expect hiring to remain the same. Only 6 percent expect to see a decrease.
TEKsystems’ Take: As more work is done to make the most of investments in BI / Big Data, security, mobility and consumerization of IT / BYOD, organizations will need to at least maintain their full-time and contingent workforces in order to cultivate efficiency and make progress. While retaining top talent by increasing salaries will be a key tactic, new staff will need to be brought on as projects expand.
“Last year, we saw an early surge in the numbers of healthcare IT leaders expecting to see budget increases due to the overarching mandate to meet the former ICD-10 implementation deadline and to get new healthcare technology initiatives off the ground,” said Ryan Skains, executive director of TEKsystems Healthcare Services. “We are seeing those numbers level out as organizations not only make headway on the projects they have begun, but as they increasingly become confident in their staff’s expanding expertise and ability to meet major deadlines. Moving forward, the focus will be on refining systems and processes to increase efficiency and growth opportunity.”
Guest post by Dr. Christopher Ray, chief technology officer of Medical Information Records, creator of AnesthesiaOS, a cloud-based EHR solution for anesthesiologists and winner of Dell’s “Advancing Medicine” Healthcare Innovation Challenge.
Mobility and Bring Your Own Device (BYOD) strategies are transforming all aspects of healthcare by enabling physicians, nurses and medical staff to improve the delivery of care while enhancing patient outcomes and safety.
The upsides are impressive: Fast, responsive, agile solutions that streamline healthcare workflows and harness big data to deliver smarter care and more personalized medicine. By enabling providers to use preferred devices and mobile cloud software, mobility can help transcend how electronic medical records (EMR) are captured, accessed and viewed.
When it comes to mobility and BYOD in healthcare, however, security and compliance must go hand-in-hand. In creating AnesthesiaOS, a fully mobile anesthesia information management system (AIMS), we focused on providing greater efficiency in practice management while ensuring the highest levels of safety and integrity for protected health information (PHI).
To that end, creating, achieving and maintaining compliance with both patient privacy and healthcare standards was accomplished by leveraging the following set of comprehensive best practices:
Protect, Identify and Confirm All Regulated Data
The biggest challenge healthcare organizations face today is preventing information from ending up in the wrong hands. Since protecting information is an overarching goal, it’s crucial to identify all regulated data that will be generated on, accessed from, stored on or transmitted by a mobile or BYO device.
Dell unveils findings from its first Global Technology Adoption Index (GTAI), uncovering how organizations are truly using security, cloud, mobility and big data to drive success. The market research surveyed more than 2,000 global organizations and found that security is the biggest concern in adopting cloud, mobility and big data. Furthermore, while 97 percent of organizations surveyed use or plan to use cloud and nearly half have implemented a mobility strategy, big data adoption is trailing as approximately 60 percent of organizations surveyed do not know how to gain its insights.
“We know that security, cloud, mobility and big data are the top IT priorities in all industries, but we need a deeper understanding of the practical realities of how companies are using these technologies today and what, if anything, is preventing them from unleashing their full potential,” said Karen Quintos, chief marketing officer, Dell. “This research cuts through the hype and provides a clearer roadmap for how Dell can enable our customers to thrive.”
“Despite mounting security risks and increased reliance on the Internet and technology to run their businesses, many small and midsize organizations are underprepared to deal with today’s security threats, let alone those of the future,” said Laurie McCabe, partner, SMB Group. “These companies know that disruptive technologies like cloud, mobility and big data can drive innovation and create competitive advantage. But it’s often difficult for them to take a strategic approach and overcome security concerns in order to fully harness the potential.”
Security Concerns Are Creating Big Barriers
The Dell GTAI found that IT decision-makers still consider security the biggest barrier for expanding mobility technologies (44 percent), using cloud computing (52 percent) and leveraging big data (35 percent). While security concerns are holding organizations back from further investing in major technologies, a lack of readily available security information is similarly preventing organizations from being prepared during a security breach. Only 30 percent of respondents said they have the right information available to make risk-based decisions, and only one in four organizations surveyed actually has a plan in place for all types of security breaches.
The security barrier becomes even more serious as the C-suite becomes less engaged. Only 28 percent of organizations polled have a C-suite mindset that is fully engaged with security initiatives. However, in organizations where executive leadership is involved in security, confidence is markedly increased. Among organizations that are very confident in their security, 84 percent of senior leaders are fully or somewhat engaged, compared to only 43 percent of senior leaders at organizations who are not confident in their security.
Other significant Dell GTAI security findings include:
As more healthcare providers modernize their IT with cloud solutions and mobile devices, the opportunity for breaches increases dramatically. Hardly a week goes by without a major hospital or practice announcing a data breach. Breach reporting is costly, time-consuming and harmful to the reputation of otherwise legitimate practices. But is it really unsecured data, hackers or doctors sharing information that is causing breaches?
A quick analysis of the public data released by the Department of Health and Human Resources (HHS) reveals that from the first reported breaches in 2009 through early 2013, there were 572 breaches involving 500 or more patients (the threshold for reporting). Of these breaches, only about 10 percent came from hacking/IT incidents or improper disposal, while over half—51 percent—were a result of theft.
When you combine these details with the location of the breach, the picture becomes even more clear: 44 percent of the breaches are from laptops, 13.5 percent are from a computer, 13.1 percent are from portable devices and 10.5 percent are from network servers. That means a whopping 81 percent of breaches are from computing devices, and 57 percent are from mobile devices alone.
The security priority is apparent. Mobile devices cause the majority of PHI breaches and must be secured. There are a variety of methods on today’s market to control access to data on laptops, tablets and smartphones, as well as ways to wipe a device and track it. These methods aren’t foolproof, and breaches can still occur.
Guest post by Paul McRae, director of business development, healthcare, AirWatch by VMware.
The evolution of mHealth has caused a dramatic increase in the use of mobile devices across the healthcare landscape. Mobile innovations are now positioned to vastly improve both the quality and quantity of the lives of human beings. New technologies and applications are helping organizations lower costs and provide higher quality service to patients. Mobile deployments in the healthcare industry enable clinicians and healthcare IT professionals to access medical records, diagnose illness, integrate with existing providers, enhance patient engagement and improve EHR interoperability.
As EHRs become increasingly popular and the number of deployed mobile devices and apps grows, the need for mobility management and security is paramount. To embrace mobility, healthcare organizations must provide secure, easily accessible apps for staff, and IT departments must manage devices while remaining HIPAA compliant and protecting patient records.
Enter containerization, an emerging class of management tools that carve out a separate, encrypted zone on the user’s smartphone within which corporate apps and data can reside. Policy controls apply only to what’s in the container, rather than to the entire device. Mobile containerization offers a way for hospitals to securely deliver apps and data to clinicians without interfering with the users’ ability to access their personal content.
Currently, the end user is divided into two separate personas – the personal and the corporate. Duality provides two different levels of security for very different forms of information present on a device. For example, the corporate security measures might require compliance with federal or HIPAA regulations, a form of monitoring that would be seen as invasive to employee privacy.
Mobile platforms are beginning to integrate containerization into their frameworks, which allows for more secure and tighter amalgamations of data with their corresponding operating systems. OEMs are placing containers for work use with the underlying OS for greater efficiency, better feature support and improved user transparency. This embedded form of containerization allows IT to maintain consistent security policies to mitigate threats on every mobile device, from smartphones and tablets to laptops, peripheral devices and emerging machine-to-machine (M2M) technologies.
Containerization allows healthcare organizations to remain compliant with the stringent security requirements they must meet, while providing employees a consistent user experience across multiple platforms. However, each mobile operating system presents its own security challenges, such as Web-based malware or the ability to download apps outside of designated app stores. Securing corporate information that has been accessed on personal devices from applications and content repositories remains a major challenge, especially to ensure data loss prevention (DLP) if the device is stolen or the employee leaves the organization.
Guest post by Jay Savaiano, director, worldwide healthcare business development, CommVault.
Healthcare professionals are inundated with an abundance of ways to access and store clinical data. Healthcare IT departments are given the task of making sure that clinical data is readily available and can be accessed via a myriad of devices, in a secure manner that meets the compliance standards that the entire enterprise has agreed on upholding. The deluge of data and the ever-changing ways that the data is accessed are creating some major challenges and concerns for the majority of professionals who are responsible for managing the nation’s healthcare information stream.
In a recent nationwide survey of healthcare IT managers in enterprise organizations, 75 percent of respondents – up 14 percent from last year – indicated they were concerned about the protected health information (PHI) residing in Bring-Your-Own-Cloud (BYOC) solutions, such as Box or Dropbox. A large number of BYOC solutions even offer the first 2GB of storage for free, which may speak to their popularity.
Today, the smartphones, tablets and computers that have helped drive the popularity of “Bring-Your-Own-Device” programs all come out of the box with some sort of free cloud-based storage solution. Though Intel and ReadWrite report that 49 percent of U.S. IT managers “Strongly Agree that BYOD Improves Worker Productivity,” when you couple BYOC with BYOD and add protected health information to the mix, healthcare organizations can be opening themselves up to a tremendous amount of liability.
With the policies inherent in clinical applications themselves, it is easy to maintain the security of the content, which is often structured and rarely stored locally. However, the challenge revolves around the unstructured data with PHI. For example, if a clinician maintains a spreadsheet of basic patient data and he or she places that spreadsheet in a BYOC-type solution, both the clinician and the healthcare organization are putting themselves in a liable position. Only when cloud-based solutions are authorized by the healthcare facility and meet the organization’s compliance criteria – which can, and usually does, dictate that the cloud provider be willing to sign a business associate agreement in support of HIPAA – are the organization and clinician able to limit the potential liability impact. There can still be other factors that create new liability, but by making the limitation of rogue cloud storage a priority, healthcare organizations can better protect themselves against a potential data breach and subsequent lawsuit.
For physicians’ practices in the 21st century, connectivity is the buzzword. Getting doctors connected to data, patients connected to healthcare providers, and practices connected to networks are just a few of the web-fueled scenarios coming down the pike.
The Health Information Technology for Economic and Clinical Health (HITECH) Act is a game changer and affects just about every aspect of modern medical care. HITECH, part of the American Recovery and Reinvestment Act of 2009, promotes the adoption and meaningful use of health information technology.
As is often the case with a shift this monumental, there are both benefits and challenges of connected healthcare that practice groups will have to address. First, let’s take a look at some of the benefits.
1. Join the Digital Revolution. Just like other industries that went digital years ago, healthcare benefits from the streamlining offered by a networked environment. Clinical interoperability of healthcare IT lowers costs and enhances efficiency by facilitating the comprehensive exchange of health information between care providers, hospitals and patients. The trend is toward innovation in healthcare as the industry as a whole responds to consumer demands and government reforms.
2. Safety in Numbers. As of 2013, more than 323,000 American medical practices and hospitals adopted EHRs and attested as meaningful users, indicating a 266 percent increase over 2012, according to CMS statistics. However, even with this upsurge in participation, those numbers represent only a small percentage of US hospitals that currently keep electronic records and contribute to the health information exchange. So, while the risk of being an early adopter is largely gone, your practice group could still be near the front of the adoption wave.
3. It’s easier. As you can see from the statistics in the previous point, healthcare IT adoption is in an early phase, and for most practices, there is a lack of centralization. To help elucidate the complexity of the system, look no further than the state of Florida, where there are at least 672 EHR vendors. Connecting health information digitally creates a central database that greatly simplifies the process of storing and retrieving all patient data. It’s like finding the needle in the haystack every time.