In the wake of the recent Ashley Madison hacking scandal, cyber breaches have become a hot-button issue. Poking fun at high-profile people caught in the midst of a scandal has nearly become a national pastime in recent years, but the hack itself is no laughing matter. After all, just six months ago, a data breach at Anthem, Inc. revealed as many as 80 million records had been exposed during what the company characterized as a “very sophisticated external cyber attack.” Certainly, no one was laughing then – not the millions of people whose birth dates, Social Security numbers, addresses and income information were exposed — and certainly not Anthem, which now faces dozens of class action lawsuits. The costs may include millions of dollars in damages and a major hit to the insurance company’s brand and reputation.
One lesson these two very different breaches brought home is that businesses of every type and size are vulnerable to cyber attacks and identity theft. If Anthem were the only health-related business to have been hacked, it would still be a disturbing event; but in fact, the U.S. Department of Health and Human Services maintains an entire website devoted to healthcare-related data breaches of 500 or more records. So far, there are more than 1,300 cases on file, with targets that include individual practices, university-based research facilities, public and private hospitals, and major insurance companies.
In 2012, the U.S. Department of Justice’s Bureau of Justice Statistics reported that 7 percent of the U.S. population 16 and older had been the victim of identity theft, and direct and indirect losses that year amounted to about $25 billion. That’s staggering. What’s even more alarming is that about one-third of those victims spent weeks or months trying to untangle the financial mess long after their information was stolen.
It’s easy to think the impact of identity theft is limited to financial implications, but the government report had one more startling bit of data revealing just how far-reaching the effects of a data breach can be on its victims. According to the data, “Victims who had personal information used to open a new account or for other fraudulent purposes were more likely than victims of existing account fraud to experience financial, credit and relationship problems and severe emotional distress.”
Guest post by Jay Savaiano, director, worldwide healthcare business development, CommVault.
Healthcare professionals are inundated with an abundant amount of ways that they can access and store clinical data. Healthcare IT departments are given the task of making sure the delivery of that clinical data is readily available and can be accessed via a myriad of devices, as well as in a secure manner that meets the compliance standards that the entire enterprise has agreed on upholding. The deluge of data and the ever-changing ways that the data is accessed is creating some major challenges and concerns for the majority of professionals who are responsible for managing the nation’s healthcare information stream.
In a recent nationwide survey of healthcare IT managers in enterprise organizations, 75 percent of respondents – up 14 percent from last year – indicated they were concerned about the protected health information (PHI) residing in Bring-Your-Own-Cloud (BYOC) solutions, such as Box or Dropbox. A large number of BYOC solutions even offer the first 2GB of storage for free, which may speak to their popularity.
Today, smart phones, tablets and computers that have helped proliferate the popularity of “Bring-Your-Own-Device” programs all come out of the box with some sort of free cloud-based storage solution. Though Intel and ReadWrite report that 49 percent of U.S. IT managers “Strongly Agree that BYOD Improves Worker Productivity,” when you couple BYOC with BYOD together and add protected health information to the mix, healthcare organizations can be opening themselves up to a tremendous amount of liability.
With the policies inherent in clinical applications themselves, it is easy to maintain the security of the content, which is often structured and rarely stored locally. However, the challenge revolves around the unstructured data with PHI. For example, if a clinician maintains a spreadsheet of basic patient data and he or she places that spreadsheet in a BYOC-type solution, both the clinician and the healthcare organization are putting themselves in a liable position. Only when cloud-based solutions are authorized by the healthcare facility and meet the organization’s compliance criteria – which can and usually dictates the cloud provider is willing to sign a business associate agreement in support of HIPAA – are the organization and clinician able to limit the potential liability impact. There can still be other factors that create new liability, but by making the limitation of rogue cloud storage a priority, healthcare organizations can better protect themselves against a potential data breach and subsequent lawsuit.
Guest post by Ed Simcox, healthcare business leader, Logicalis US.
Healthcare is undergoing a significant transformation today, and so is healthcare IT. As a result, healthcare providers and their IT departments need to brace themselves for change – which is happening faster than they might realize – in five business-critical areas: healthcare IT infrastructure, mobility and BYOD, business continuity and disaster recovery, storage and vendor-neutral archives, and patient portals and mobile applications.
With pressure mounting to meet new regulatory requirements and ICD-10 deadlines, as well as the increased demands being placed on IT departments for interactive communications among patients, providers, and payers, healthcare CIOs need a set of “best practices” to help them navigate this IT transformation and arrive at the data-driven, value-based future of healthcare from where they stand today.
We call this IT transformation a “journey” because it isn’t something that happens overnight. This is a multi-stage process requiring significant evaluation of not only IT systems, but also of what the future workflows and business processes will be and how healthcare providers, patients and payers can all seamlessly share time-critical data. It’s a journey that is taking healthcare IT to the new levels of IT sophistication needed to support a substantial business change from volume to value, and there are five important milestones that every healthcare IT department is going to have to tackle along the way.
HIT Infrastructure — Of all the technical capabilities healthcare IT professionals are being asked to master today, the key is an ability to rapidly adapt to change. As a more technology-oriented generation of doctors and tech-savvy patients take their place in healthcare’s future, IT is going to be drawn increasingly into the actual delivery of health services. As a result, healthcare IT professionals won’t be spending the bulk of their time caring for their IT infrastructures. The good news is that if the IT infrastructure is transformed from today’s siloed systems into a virtualized, automated IT-as-a-Service resource, then the IT department will be able to focus its efforts directly on using technology to help doctors and nurses care for their patients and allowing patients to electronically manage their own care and wellness.
Another interesting infographic, from Dell, that I thought worthy of sharing. It’s comprehensive, as you can see. Essentially, it asks and answers the question of how is healthcare IT changing through and because of its relationship with technology.
Without a doubt, the change we’re seeing, especially in the last 10 years, is monumental. Take a look at some of the figures below. In a nutshell: social media, which truly did not exist a decade ago is changing healthcare, especially consumer engagement with the industry. According to this data, more than 40 percent of patients are affected by the use of social media in the care space and it drives their decision when deciding which facility to give business to. Does this suggest that they want their physicians using social media platforms or to simply have a profile to interact with the office? The data doesn’t say, but it likely implies that they want the ability to be able to communicate through their own channels rather than the more archaic means like the phone and static websites. Patients want the ability to communicate somehow through the use of social and likely want to own more of the relationship with their providers. It is their health after all and they want the process of care to be efficient. This trend will likely only increase.
Another interesting point here is that more than 75 percent of healthcare CIOs believe that their health systems don’t have the infrastructure to support their technological advancement. This is a major issue as these leaders look to make long-term adjustments, keep up with reform and employ systems to drive efficiencies. However, in an ever-changing technological world where advancement never ends, I think this is likely to be an ongoing trend/problem/dissatisfaction. For example, over the last five years so much attention has been given the the use of and functionality of EHRs and how they will improve healthcare as a whole, but many say that the systems are antiquated and simply don’t meet the needs of modern practices and hospitals and more needs to be done to improve them and make them more robust and useful.
Today’s healthcare IT departments have a relatively tall order when it comes to effective EHR data management. In an environment that often requires them to be simultaneously budget-conscious, growth-minded and patient-driven, healthcare IT must also address the often-competing data management needs for:
Data at rest
Data mining and analytics
Popular EHR system vendors have made significant strides to address several of these data management issues. Unfortunately, they can only go so far given the current state of many healthcare IT environments. Some departments may still require custom software applications, complete with specially configured servers, storage and network hardware to support them.
Healthcare organizations today are pursuing a wide range of health IT initiatives in the hopes of reducing costs, improving efficiencies and, most importantly, enhancing patient care. While a great deal of attention is being paid to high-profile health IT topics, such as electronic health records (EHRs) and health information exchange (HIE), there are basic aspects of the workflow at healthcare organizations that can also play a key role in driving healthcare efficiencies. One of these is the patient discharge experience.
How well patients are communicated with upon discharge is a leading threat to a healthcare organization’s top-line revenue, as well as an endangerment to the patient experience. With Medicare/Medicaid regulations now making it difficult to collect revenue for a patient’s second visit for the same problem within 30 days, special attention needs to be paid to how well healthcare organizations are preparing the patient when they walk out the hospital door—and at home following their release. Patients need to be able to understand their at-home instructions for post-visit care so they don’t have to return to the healthcare facility for more treatment or instructions, which will negatively impact the hospital’s revenue and the patient experience.
Creating a more effective discharge experience for patients requires providing clear, easy to read discharge instructions. Accomplishing this is not always a simple task given that the instructions typically are compiled from a large set of data feeds, gathered from multiple treating physicians and need to be provided in a language that the patient can understand. Health IT can play a critical role in overcoming these hurdles.
Similarly, healthcare organizations will benefit from considering the archival system in place. It is important to have an archival process that will enable the organization to prove that discharge instructions were complete and comprehensive. This will avoid the potential for losing Medicare/Medicaid reimbursements in the event of an audit. Not having the ability to easily retrieve all relevant records exposes the healthcare organization to avoidable revenue loss.
Guest post by Scott Parker, senior marketing analyst, CureMD.
Healthcare needs to be efficient in delivering care to the patient. What if iPad and iPhone apps provide the services healthcare professionals need? Wouldn’t that be a dream come true? The mobile healthcare market is talk of the town in healthcare circuits. The amazing thing is, mostly mobile EHRs are free. Soon to be launched CureMD’s app Avalon will be free too. It is free because you only pay for the services you use.
Medical history on fingertips: Healthcare professionals only dreamt about a day, when the ease of access in terms of patient data could take a step further, and somehow make them get off their boring computer screens. All of patient’s data is just a few taps away with mobile EHR. Providers can access an up-to-date list of current and past diagnoses of the patient; along with list of medications the patient has been formally prescribed.
Empowering patients: Mobile EHRs are not just for care providers. They are for patients as well. Patients can use mobile EHR to view their test results along with clinical summaries of their visit to the practice. They can keep track of their vaccinations, making it convenient for the providers and staff to arrange an appointment. If providers are able to empower patients through mobile EHR they are essentially empowering themselves.
Accurate sharing of patient information: Mobile EHRs provides a coordinated system of care through its function of interoperability. It allows for secure exchange of data among multiple providers, practices and healthcare facilities in real-time. This will provide a better support structure for informed clinical decisions. All in all, it reduces manual medical errors caused by humans trying to provide information through lethargic channels.
A variety of factors influence the success of healthcare organizations. From quality patient care to well-trained staff and the ability for administrative professionals to work efficiently, healthcare organizations must be able to provide patient care affordably, quickly and thoroughly.
Healthcare IT professionals can support their organizations by investing in and implementing technology that helps employees provide a positive patient experience. Although we typically think of improvements to the patient experience as outward-facing, like providing thorough medication information, scheduling appointments efficiently and friendly staff, adopting the right technology for “behind the counter” tasks can improve the patient experience exponentially.
Healthcare IT professionals should invest in cloud-based document management solutions and streamlined hardware and software that allow administrative employees, nurses and doctors to work quickly and comprehensively with access to forms, medication information and patient data where and when they need it. When a healthcare organization’s employees are able to work with accuracy and focus on patients, the patient experience, in turn, improves. Patients then receive the responsiveness and care they need when asking questions about medications, ailments and making follow-up appointments.