For physicians’ practices in the 21st century, connectivity is the buzzword. Getting doctors connected to data, patients connected to healthcare providers, and practices connected to networks are just a few of the web-fueled scenarios coming down the pike.
The Health Information Technology for Economic and Clinical Health (HITECH) Act is a game changer and affects just about every aspect of modern medical care. HITECH, part of the American Recovery and Reinvestment Act of 2009, promotes the adoption and meaningful use of health information technology.
As is often the case with a shift this monumental, there are both benefits and challenges of connected healthcare that practice groups will have to address. First, let’s take a look at some of the benefits.
1. Join the Digital Revolution. Just as other industries that went digital years ago, healthcare benefits from the streamlining offered by a networked environment. Clinical interoperability of healthcare IT lowers costs and enhances efficiency by facilitating the comprehensive exchange of health information between care providers, hospitals and patients. The trend is toward innovation in healthcare as the industry as a whole responds to consumer demands and government reforms.
2. Safety in Numbers. As of 2013, more than 323,000 American medical practices and hospitals adopted EHRs and attested as meaningful users, indicating a 266 percent increase over 2012, according to CMS statistics. However, even with this upsurge in participation, those numbers represent only a small percentage of US hospitals that currently keep electronic records and contribute to the health information exchange. So, while the risk of being an early adopter is largely gone, your practice group could still be near the front of the adoption wave.
3. It’s easier. As you can see from the statistics in the previous point, healthcare IT adoption is in an early phase, and for most practices, there is a lack of centralization. To help elucidate the complexity of the system, look no further than the state of Florida, where there are at least 672 EHR vendors. Connecting health information digitally creates a central database that greatly simplifies the process of storing and retrieving all patient data. It’s like finding the needle in the haystack every time.
Guest post by Darren Leroux, senior director of product marketing, WinMagic.
Gone are the days where all personal health information solely lived in giant filing cabinets behind a receptionist’s desk or in the administrative office of a hospital. Today, patient data resides everywhere – desktops, laptops, smartphones, tablets and USB drives. Understandably so – given the rise of mobile computing and bring-your-own-device (BYOD) policies in healthcare, the once straightforward process of protecting patient’s personal health information has since evolved into a complex and overwhelming undertaking.
Just the Facts
According to a recent study, 81 percent of healthcare organizations are now allowing employees and medical staff to use their personal laptops and mobile devices to connect to provider networks or access company email. Interestingly enough, the same study found that of that 81 percent of healthcare institutions enabling a BYOD strategy, 54 percent did not believe that those devices were secure enough in the workplace; 65 percent of data breaches reported to the Ponemon Institute occurred on laptops and mobile devices over the last five years — it’s no wonder that more than half of those surveyed aren’t confident in the security of their devices
When we refer to personal health information at risk, we’re not just talking about historical health records – the potential for a data breach casts a much wider net, including patient billing information, clinical trial data and even employee information like payroll numbers. With so much sensitive, unprotected data up for grabs, we’re inclined to ask ourselves – how? How is this significant rise in healthcare data breaches even possible, and how do we stop this from continuing?
Below are the top three gaping security holes in remote healthcare data practices that are answering our question of how is this rise in breaches in possible:
Guest post by Domingo Guerra, president & co-founder, Appthority.
Last year, 2013, was a big year for mobile applications, including medical and health-related apps. As many medical centers have sought to increase patient engagement, improve outcomes and reduce healthcare costs, digital tools, such as iPads, smartphones, online portals and text messaging in hospitals are rapidly becoming commonplace. Smart health tech has gotten serious. Patients and doctors alike use medical apps. Physicians can access symptom checkers, drug information, medical calculators and more via smartphone and tablet apps. Patients can use apps to find doctors, set appointments, order prescriptions, receive test results, track calories, measure their heart rates and even monitor chronic diseases like diabetes. Patients and doctors agree that the immediate feedback and increase in available data will change the face of medicine. But will the face of privacy change with it?
Acquiring huge amounts of personal data from individuals could enable a more personalized and data driven approach to medicine. This is a very seductive concept, based on the implicit assumption that the more healthcare providers know about the patient, from analyzing his or her data, the better (and more customized) care the patient will receive. However, personal data, now collected and collated by the user’s health gadget, will be incredibly valuable to more than just the patient and the provider. Devices, whether they’re Google Glass or fitness wristbands will need to be integrated with newly developed apps, and existing apps will need to be heavily adapted to work properly. These technology integrations can potentially open back doors that allow cybercriminals to enter and extract sensitive data.
The aggregated data gathered from a wearable wristband capable of tracking a user’s heart rate, and expiration rates along with their blood sugar level and, of course, location can offer a truly comprehensive view of a user. Yes, it’s still early in the healthcare wearables space, but it was “early” in the mobile and BYOD spaces not long ago. Just as BYOD has led to security concerns for sensitive corporate data, these new healthcare devices should be a concern for personal privacy. As users are now literally plugging themselves into the Internet, it’s important to remember that cyber attackers can gain details about daily routines, patterns, and lifestyle, as well as location. This private information, tied together in a dossier that can include a user’s location, income, health status, and other attributes such as sexual orientation, could be of interest to many other groups.
Guest post by Ed Simcox, healthcare business leader, Logicalis US.
Healthcare is undergoing a significant transformation today, and so is healthcare IT. As a result, healthcare providers and their IT departments need to brace themselves for change – which is happening faster than they might realize – in five business-critical areas: healthcare IT infrastructure, mobility and BYOD, business continuity and disaster recovery, storage and vendor-neutral archives, and patient portals and mobile applications.
With pressure mounting to meet new regulatory requirements and ICD-10 deadlines, as well as the increased demands being placed on IT departments for interactive communications among patients, providers, and payers, healthcare CIOs need a set of “best practices” to help them navigate this IT transformation and arrive at the data-driven, value-based future of healthcare from where they stand today.
We call this IT transformation a “journey” because it isn’t something that happens overnight. This is a multi-stage process requiring significant evaluation of not only IT systems, but also of what the future workflows and business processes will be and how healthcare providers, patients and payers can all seamlessly share time-critical data. It’s a journey that is taking healthcare IT to the new levels of IT sophistication needed to support a substantial business change from volume to value, and there are five important milestones that every healthcare IT department is going to have to tackle along the way.
HIT Infrastructure — Of all the technical capabilities healthcare IT professionals are being asked to master today, the key is an ability to rapidly adapt to change. As a more technology-oriented generation of doctors and tech-savvy patients take their place in healthcare’s future, IT is going to be drawn increasingly into the actual delivery of health services. As a result, healthcare IT professionals won’t be spending the bulk of their time caring for their IT infrastructures. The good news is that if the IT infrastructure is transformed from today’s siloed systems into a virtualized, automated IT-as-a-Service resource, then the IT department will be able to focus its efforts directly on using technology to help doctors and nurses care for their patients and allowing patients to electronically manage their own care and wellness.
Guest post by Michelle Blackmer, director of marketing, Healthcare, Informatica.
The volume of protected health information (PHI) in electronic form is exploding – both from the wholesale move from paper charts to electronic health records for capturing clinical data and with the proliferation of new sources of electronic data from networked medical devices. Additionally, IT staff have been overwhelmed by regulatory mandates, rampant technology changes (e.g., virtualization, BYOD, big data), massive application projects and flat or decreasing budgets.
This increase in electronic PHI combined with the challenges for health systems IT make it even more important for providers and non-providers to find efficient ways to secure their data. However, with malicious activity showing a consistent upward trend, absent a change to an almost maniacal leadership focus on protecting patient data and the deployment of available tools and processes as an organizational imperative, 2014 will bring even more frequent and larger breaches of PHI.
Current data security climate
Even still, many healthcare organizations are not taking the necessary steps to reduce the proliferation of unprotected PHI in non-production test and development environments. Ninety-four percent of respondents to the third annual Ponemon Institute Benchmark Survey on Patient Privacy and Data Security had at least one data breach in the past two years, and 45 percent reported having had more than five total incidents each. Even more surprising is that the leading cause for a breach is a lost or stolen computing device that houses PHI. The survey also found that:
Unrestricted database administrator (DBA) access heightens risk: 73 percent of DBAs can view all data.
Data compromise/theft remains rampant: 50 percent of respondents say data has been compromised or stolen by a malicious insider such as a privileged user.
Organizations are under-coping:68 percent have difficulty restricting user access to sensitive data, 66 percent have difficulty complying with privacy/data protection regulations and 55 percent lack confidence that they would even detect data theft/loss from their own production environments.
Guest post by Garrett Taylor CEO of Uplift Comprehensive Services.
My organization, Uplift Comprehensive Services (residential services) is fully involved in “mhealth.” We use mobile high-definition video conferencing, which allows our doctors and clinicians to care for patients in geographically remote areas of North Carolina, and gives them full access to electronic health records and an easy way to collaborate each other. Along the way, we’ve improved patient service, enhanced productivity, and cut travel and office costs.
By combining video conferencing technology with a bring your own device (BYOD) mobile strategy, Uplift saves at least $500 for each scheduled physician visit. The thousands of dollars we save each year can be used instead to find grant opportunities for better patient care.
It’s not as hard as you might think to use video conferencing in a mhealth strategy. What follows is an explanation of Uplift’s mobile video conferencing approach.
Uplift Comprehensive Services has been in business for 12 years, covering 15 counties across North Carolina. We offer community-based assistance for children, adolescents and adults, with services substance abuse prevention to mental health treatment. Our treatment options include multi-systemic therapy, outpatient therapy, and medication management, among others. Continue Reading
Alex Bratton, CEO of Lextech, discusses his company, its vision, why it’s important to healthcare and how the changing landscape of health app is affecting health outcomes and the industry as a whole.
What is Lextech and why does it matter to healthcare?
Lextech is a mobile app development company that evaluates business workflows to identify and build apps that improve processes and make the complex simple. Mobile apps will become increasingly important to the healthcare industry for two reasons: they are instrumental in helping caregivers and insurance companies build direct relationships with patients, and they can help drive healthcare costs down. With the massive changes taking place in healthcare, and the uncertainty that goes with change, it’s crucial for healthcare service providers to create a strong bond with patients by giving them tools and information that make their lives easier.
What do your clients say works wonderfully? What doesn’t work so well? Why?
Lextech is known for its Billion Dollar App (BDA) process, which focuses organizations on developing the right app for the right reason, and to use that app to improve processes. This approach often results in significant cost savings and efficiencies. The opposite of this, which doesn’t work well, is what we call the “obvious app.” An example of an obvious app in healthcare is to squish a desktop-oriented EHR system onto an iPad. This is inadequate because it doesn’t streamline a process and it certainly doesn’t simplify users’ access to information. The better approach is focusing on a portion of the healthcare workflow and driving small portions of the EHR data and functionality through a brand new window–an intuitive app. Important questions need to be asked before developing an app, including: what are we trying to accomplish with this app, how will people use this app, why will they use the app, and what problem does it fix?
Guest post by John Moynihan, healthcare segment manager, Global Industry Marketing, Siemens Enterprise Communications and Randy Roberts, vice president, mobility portfolio, Siemens Enterprise Communications.
Technology in business today can seem like a zero-sum game. When the employees win, they are able to do whatever it takes to be productive. But doing that tends to tie the hands of IT, keeping them from locking down devices and services well enough to make sure their information is secure. This situation is becoming more common in the medical industry, with clinicians and computing staff often at odds over convenience versus security. Doctors, traditionally reluctant to adopt new technology or take any risks with tried-and-true methods for caring for their patients, have taken to mobility as a duck to water.
Because access to patient information allows them to better do their jobs, doctors in particular are quickly adopting tablets and smartphones. And while they’re not ignorant of the security risks of these devices, particularly the potential for patient information to be lost or stolen, their focus is on caring for their patients. In fact, even if their business doesn’t provide or specifically allow for mobility, they are bringing their own devices into the office.
I’m not unique in that during this time of year I love to take a look at predictions made by some of the industry’s “best” and see if their predictions make sense, are surprising in a good way or if they are surprising in a stupid way.
With that in mind, I came across an interesting piece in Canadian Manufacturing of all places that features several intriguing predictions by analyst firm Gartner that I think are worth a look here as they have peripheral relation to healthcare.
So, here we go. Gartner’s top IT predictions include:
By 2015, big data demand will reach 4.4 million jobs globally, but only one-third of those jobs will be filled. According to the report: “The demand for big data is growing, and enterprises will need to reassess their competencies and skills to respond to this opportunity. Jobs that are filled will result in real financial and competitive benefits for organizations. Note that enterprises need people with new skills—data management, analytics and business expertise and nontraditional skills necessary for extracting the value of big data, as well as artists and designers for data visualization.”
In a market like healthcare, where highly skilled jobs are often difficult to fill, we should understand this prediction to be very true and one not to take too lightly. Some of these job vacancies will be at health system that needs the data to meet federal reporting requirements. The individuals with these skills will have a great deal of clout as they eventually move into the job market.
Employee-owned devices will be compromised by malware at more than double the rate of corporate-owned devices. “Corporate networks will become more like college and university networks, which were the original “bring your own device” (BYOD) environments. Because colleges and universities lack control over students’ devices, they focus on protecting their networks by enforcing policies that govern network access. Gartner believes that enterprises will adopt a similar approach and will block or restrict access for those devices that are not compliant with corporate policies. Enterprises that adopt BYOD initiatives should establish clear policies that outline which employee-owned devices will be allowed and which will be banned.”
BYOD continues to rear its head so don’t be caught unawares. AS Gartner predicts, you must have a plan for mobile device management and personal device use in the workplace. Ignorance is not bliss, in this case, and since employees are currently using their own devices in the healthcare setting where very important personal information can be exposed, develop a policy, stick with it and let your employees know you have one in place. Circulate it!
By 2016, wearable smart electronics in shoes, tattoos and accessories will emerge as a $10-billion industry. “The majority of revenue from wearable smart electronics over the next four years will come from athletic shoes and fitness tracking, communications devices for the ear, and automatic insulin delivery for diabetics. CIOs must evaluate how the data from wearable electronics can be used to improve worker productivity, asset tracking and workflow.”
Healthcare will play a role in how wearable electronics and traceable devices are used to track the health of individuals, especially in outpatient and in-home care. The data from these devices will flow directly into your EHR and become part of the patient record. Physicians will be forced to learn the benefits of these devices and patients are going to need to accept it.
By 2014, market consolidation will displace up to 20 percent of the top 100 IT services providers. “The convergence of cloud, big data, mobility and social media, along with continued global economic uncertainty, will accelerate the restructuring of the $1 trillion IT services market. By 2015, low-cost cloud services will cannibalize up to 15 percent of top outsourcing players’ revenue, and more than 20 percent of large IT outsourcers not investing enough in industrialization and value-added services will disappear through merger and acquisition. CIOs should re-evaluate the providers and types of providers used for IT services, with particular interest in cloud-enabled providers supporting information, mobile and social strategies.”
The prediction smacks of the ongoing discussion about the EHR vendor market and how much longer it can contain the number of players. Certainly, we’re seeing deterioration of this segment now, though it has been expected to erode more quickly than it has. Expect there to be fewer EHR vendors in the next 12 months, and realize that no vendor is too big to fail (see Allscripts). Prepare early and do your due diligence before signing the dotted line.
I’d love to know your thoughts. Do you agree with these predictions and my assessments? What are yours?
Lack of healthcare interoperability continues to throw its weight in the road of progress, stopping much traffic in its tracks.
But you know that already, don’t you; you work in healthcare IT. That electronic health records lack the ability to speak with their counterpart systems is no surprise to you. In fact, it’s probably caused you a great deal of frustration since the first days of your system implementation.
From my perspective, things are not going to change very soon. There’s not enough incentive for vendors to work together, though they can and in many cases are able to do so. The problem, though, is that vendors are not sure how to charge physicians, practices, hospitals and healthcare systems for the data that is transferred through their “HIE-like” portals that would connect each company’s technology.
The purpose of this piece is not to diverge into the HIE conversation; that’s a topic for another day. However, this is a piece about what have recently been listed as the biggest barriers physicians face when dealing with the concept of interoperability.
The magazine cites a study in which more than 70 percent of the physicians said that their EHR was unable to communicate electronically with other systems. This is the definition of a lack of interoperability that prevents electronic exchange of information, and ultimately will fuel health information exchanges.
It is notable that 30 percent of physicians said that their EHRs are interoperable with other systems. That makes me wonder if this is a verified fact or perception only verified by a marketing brochure.
Another barrier, according to the report, is the cost of setting up and maintaining interfaces and exchanges to share information. According to this statement, physicians are worried about the cost of being able to transmit data, too, which puts them in line with vendors, who, like I said, are worried about how they can monetize data transfer.
An interesting observation from the piece: “Making progress on interoperability will be essential as physicians move forward with different care delivery models such as the patient-centered medical home and the medical home neighborhood.”
What amazes me about this conversation is that given the purported advantage employees gain from the mobile device movement and how BYOD (bring your own device) seems to increase a staff’s productivity because it creates an always-on mentality. I don’t think it’s a stretch to think the same affect would be discovered if systems were connected and interoperable.
An interoperable landscape of all EHRs would allow physicians and healthcare systems to essentially create their own always on, always available information sharing system that would look a lot like what we see in daily lives with the devices in the palm of our hands.
Apparently, everyone wants and interoperable system; it’s just a matter of how it’s going to get paid for. And moving the data and the records freely from location to location opens up the health landscape like a mobile environment does.
Simply put, this is one issue that seems to resemble our current political landscape: a hot button issue that needs to be addressed but neither side wants to touch the issue because no one wants to or is able to pay for it.
One of the problems with this approach is that if we wait long enough, perhaps interoperability also will be mandated and we’ll all end up on its hook.
So, let’s take a lesson from the mobile deice world and allow for a greater opportunity to connect healthcare data to more care providers on behalf of the patients and their outcomes.